diff --git a/apparmor.d/groups/apps/calibre b/apparmor.d/groups/apps/calibre index e07b6dcc..7e4dc17e 100644 --- a/apparmor.d/groups/apps/calibre +++ b/apparmor.d/groups/apps/calibre @@ -53,7 +53,7 @@ profile calibre @{exec_path} { @{bin}/python3.@{int} r, @{bin}/ldconfig{,.real} rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/file rix, @{bin}/uname rix, @{lib}/@{multiarch}/qt5/libexec/QtWebEngineProcess rix, diff --git a/apparmor.d/groups/apps/discord b/apparmor.d/groups/apps/discord index ab777eb8..99ea2b8a 100644 --- a/apparmor.d/groups/apps/discord +++ b/apparmor.d/groups/apps/discord @@ -43,7 +43,7 @@ profile discord @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/xdg-open rCx -> open, #@{bin}/lsb_release rCx -> lsb_release, @@ -120,7 +120,7 @@ profile discord @{exec_path} { @{bin}/xdg-mime mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/cut rix, @{bin}/{,e}grep rix, @@ -170,7 +170,7 @@ profile discord @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/apps/dropbox b/apparmor.d/groups/apps/dropbox index 99423e43..e420b166 100644 --- a/apparmor.d/groups/apps/dropbox +++ b/apparmor.d/groups/apps/dropbox @@ -51,7 +51,7 @@ profile dropbox @{exec_path} { owner @{DROPBOX_DEMON_DIR}/dropbox-lnx.*/*.so* mrw, owner @{DROPBOX_DEMON_DIR}/dropbox-lnx.*/plugins/platforms/*.so mrw, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/readlink rix, @{bin}/dirname rix, @{bin}/uname rix, @@ -129,7 +129,7 @@ profile dropbox @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/apps/filezilla b/apparmor.d/groups/apps/filezilla index 1f870008..120541f4 100644 --- a/apparmor.d/groups/apps/filezilla +++ b/apparmor.d/groups/apps/filezilla 
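Review bot: The `@{sh_path} rix,` line that replaces `@{bin}/{,ba,da}sh rix,` in the calibre hunk depends on a tunable whose definition is not part of this diff, so the set of shells a profile may run with inherited confinement can no longer be read from the profile itself. If the variable expands to more than sh, bash and dash, every profile touched here gains additional interpreters under `ix`; the same substitution recurs in all the other hunks on this page, including profiles for apt, dpkg, cron and gdm. State the expansion in the commit message and keep a comment beside the definition, for example `# Shells that profiles may execute with inherited confinement (ix); widening this list affects every profile using it`. Compiling each changed profile with `apparmor_parser -Q` would confirm the variable is defined wherever it is now referenced. The profile bodies start and end outside the hunks.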
@@ -21,7 +21,7 @@ profile filezilla @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/uname rix, # When using SFTP protocol diff --git a/apparmor.d/groups/apps/flameshot b/apparmor.d/groups/apps/flameshot index 3029611f..4fddb4db 100644 --- a/apparmor.d/groups/apps/flameshot +++ b/apparmor.d/groups/apps/flameshot @@ -76,7 +76,7 @@ profile flameshot @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/apps/freetube b/apparmor.d/groups/apps/freetube index f380e757..02c68e70 100644 --- a/apparmor.d/groups/apps/freetube +++ b/apparmor.d/groups/apps/freetube @@ -103,7 +103,7 @@ profile freetube @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/apps/okular b/apparmor.d/groups/apps/okular index 19eb7852..08f6b902 100644 --- a/apparmor.d/groups/apps/okular +++ b/apparmor.d/groups/apps/okular @@ -103,7 +103,7 @@ profile okular @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/apps/telegram-desktop b/apparmor.d/groups/apps/telegram-desktop index dbc13db8..1902b702 100644 --- a/apparmor.d/groups/apps/telegram-desktop +++ b/apparmor.d/groups/apps/telegram-desktop @@ -39,7 +39,7 @@ profile telegram-desktop @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, # Launch external apps @{bin}/xdg-open rCx -> open, @@ -98,7 +98,7 @@ profile telegram-desktop @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/apt/apt b/apparmor.d/groups/apt/apt index b50b50f3..eecf6273 100644 --- a/apparmor.d/groups/apt/apt +++ b/apparmor.d/groups/apt/apt 
@@ -54,7 +54,7 @@ profile apt @{exec_path} flags=(attach_disconnected) { @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/echo rix, @{bin}/gdbus rix, @@ -153,7 +153,7 @@ profile apt @{exec_path} flags=(attach_disconnected) { include include - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/sensible-editor mr, @{bin}/vim.* mrix, @{bin}/which{,.debianutils} rix, @@ -176,7 +176,7 @@ profile apt @{exec_path} flags=(attach_disconnected) { capability dac_read_search, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/less rix, @{bin}/sensible-pager mr, @{bin}/which{,.debianutils} rix, diff --git a/apparmor.d/groups/apt/apt-key b/apparmor.d/groups/apt/apt-key index f88069f6..2334e30d 100644 --- a/apparmor.d/groups/apt/apt-key +++ b/apparmor.d/groups/apt/apt-key @@ -14,7 +14,7 @@ profile apt-key @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e,f}grep rix, @{bin}/{,m,g}awk rix, @{bin}/base64 rix, diff --git a/apparmor.d/groups/apt/apt-listbugs b/apparmor.d/groups/apt/apt-listbugs index 4e3cd14f..4c3451b7 100644 --- a/apparmor.d/groups/apt/apt-listbugs +++ b/apparmor.d/groups/apt/apt-listbugs @@ -26,7 +26,7 @@ profile apt-listbugs @{exec_path} { @{exec_path} r, @{bin}/ruby[0-9].@{int} rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/logname rix, @{bin}/apt-config rPx, diff --git a/apparmor.d/groups/apt/apt-listchanges b/apparmor.d/groups/apt/apt-listchanges index a3830357..ba7038db 100644 --- a/apparmor.d/groups/apt/apt-listchanges +++ b/apparmor.d/groups/apt/apt-listchanges @@ -20,7 +20,7 @@ profile apt-listchanges @{exec_path} { @{bin}/python3.@{int} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/tar rix, # Do not strip env to avoid errors like the following: @@ -86,7 +86,7 @@ profile apt-listchanges @{exec_path} { @{bin}/sensible-pager mr, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, @{bin}/less rix, 
diff --git a/apparmor.d/groups/apt/apt-show-versions b/apparmor.d/groups/apt/apt-show-versions index 548e6918..d4624a40 100644 --- a/apparmor.d/groups/apt/apt-show-versions +++ b/apparmor.d/groups/apt/apt-show-versions @@ -16,7 +16,7 @@ profile apt-show-versions @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dpkg rPx -> child-dpkg, @{bin}/apt-get rPx, diff --git a/apparmor.d/groups/apt/apt-systemd-daily b/apparmor.d/groups/apt/apt-systemd-daily index 35996652..557641c2 100644 --- a/apparmor.d/groups/apt/apt-systemd-daily +++ b/apparmor.d/groups/apt/apt-systemd-daily @@ -14,7 +14,7 @@ profile apt-systemd-daily @{exec_path} { capability dac_read_search, @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/cmp rix, diff --git a/apparmor.d/groups/apt/aptitude b/apparmor.d/groups/apt/aptitude index b802608b..c26045c6 100644 --- a/apparmor.d/groups/apt/aptitude +++ b/apparmor.d/groups/apt/aptitude @@ -66,7 +66,7 @@ profile aptitude @{exec_path} flags=(complain) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/test rix, @{bin}/{,e}grep rix, @@ -173,7 +173,7 @@ profile aptitude @{exec_path} flags=(complain) { @{bin}/ r, @{bin}/sensible-pager mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, @{bin}/less rix, diff --git a/apparmor.d/groups/apt/aptitude-create-state-bundle b/apparmor.d/groups/apt/aptitude-create-state-bundle index e0e39fea..1c4e8645 100644 --- a/apparmor.d/groups/apt/aptitude-create-state-bundle +++ b/apparmor.d/groups/apt/aptitude-create-state-bundle @@ -14,7 +14,7 @@ profile aptitude-create-state-bundle @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, @{bin}/tar rix, diff --git a/apparmor.d/groups/apt/aptitude-run-state-bundle b/apparmor.d/groups/apt/aptitude-run-state-bundle index fb5d3932..7e9ac716 100644 
--- a/apparmor.d/groups/apt/aptitude-run-state-bundle +++ b/apparmor.d/groups/apt/aptitude-run-state-bundle @@ -15,7 +15,7 @@ profile aptitude-run-state-bundle @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/tar rix, @{bin}/bzip2 rix, diff --git a/apparmor.d/groups/apt/debconf-apt-progress b/apparmor.d/groups/apt/debconf-apt-progress index 632eae4f..56a9a297 100644 --- a/apparmor.d/groups/apt/debconf-apt-progress +++ b/apparmor.d/groups/apt/debconf-apt-progress @@ -33,7 +33,7 @@ profile debconf-apt-progress @{exec_path} flags=(complain) { @{bin}/debconf-apt-progress rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/locale rix, diff --git a/apparmor.d/groups/apt/debsecan b/apparmor.d/groups/apt/debsecan index 70d916cb..3338af32 100644 --- a/apparmor.d/groups/apt/debsecan +++ b/apparmor.d/groups/apt/debsecan @@ -25,7 +25,7 @@ profile debsecan @{exec_path} { @{bin}/python3.@{int} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, # Send results using email @{bin}/exim4 rPx, diff --git a/apparmor.d/groups/apt/debsign b/apparmor.d/groups/apt/debsign index 9c471ce1..d5dbe9bb 100644 --- a/apparmor.d/groups/apt/debsign +++ b/apparmor.d/groups/apt/debsign @@ -13,7 +13,7 @@ profile debsign @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/basename rix, @{bin}/cat rix, diff --git a/apparmor.d/groups/apt/debsums b/apparmor.d/groups/apt/debsums index 6dceb78c..7bc55f09 100644 --- a/apparmor.d/groups/apt/debsums +++ b/apparmor.d/groups/apt/debsums @@ -17,7 +17,7 @@ profile debsums @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, /etc/dpkg/dpkg.cfg.d/{,*} r, diff --git a/apparmor.d/groups/apt/dpkg b/apparmor.d/groups/apt/dpkg index e7283146..fa800741 100644 --- a/apparmor.d/groups/apt/dpkg +++ b/apparmor.d/groups/apt/dpkg 
@@ -21,7 +21,7 @@ profile dpkg @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/rm rix, diff --git a/apparmor.d/groups/apt/dpkg-preconfigure b/apparmor.d/groups/apt/dpkg-preconfigure index 00dfecac..1e6225e7 100644 --- a/apparmor.d/groups/apt/dpkg-preconfigure +++ b/apparmor.d/groups/apt/dpkg-preconfigure @@ -19,7 +19,7 @@ profile dpkg-preconfigure @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/locale rix, @{bin}/stty rix, diff --git a/apparmor.d/groups/apt/dpkg-query b/apparmor.d/groups/apt/dpkg-query index ccbb03fe..b61696b4 100644 --- a/apparmor.d/groups/apt/dpkg-query +++ b/apparmor.d/groups/apt/dpkg-query @@ -14,7 +14,7 @@ profile dpkg-query @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/pager rPx -> child-pager, @{bin}/less rPx -> child-pager, diff --git a/apparmor.d/groups/apt/querybts b/apparmor.d/groups/apt/querybts index 3851c9f0..ebf18c0f 100644 --- a/apparmor.d/groups/apt/querybts +++ b/apparmor.d/groups/apt/querybts @@ -30,7 +30,7 @@ profile querybts @{exec_path} { @{bin}/python3.@{int} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/ldconfig rix, @@ -66,7 +66,7 @@ profile querybts @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/apt/reportbug b/apparmor.d/groups/apt/reportbug index 7ea666d6..54afbc1f 100644 --- a/apparmor.d/groups/apt/reportbug +++ b/apparmor.d/groups/apt/reportbug @@ -35,7 +35,7 @@ profile reportbug @{exec_path} { @{bin}/ldconfig rix, @{bin}/selinuxenabled rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/aa-enabled rix, @{bin}/locale rix, @{bin}/md5sum rix, @@ -115,7 +115,7 @@ profile reportbug @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, 
diff --git a/apparmor.d/groups/apt/synaptic b/apparmor.d/groups/apt/synaptic index 5d9a07f8..0ce7a757 100644 --- a/apparmor.d/groups/apt/synaptic +++ b/apparmor.d/groups/apt/synaptic @@ -64,7 +64,7 @@ profile synaptic @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e,f}grep rix, @{bin}/test rix, @{bin}/echo rix, diff --git a/apparmor.d/groups/apt/unattended-upgrade b/apparmor.d/groups/apt/unattended-upgrade index 58c07a76..026ff7ba 100644 --- a/apparmor.d/groups/apt/unattended-upgrade +++ b/apparmor.d/groups/apt/unattended-upgrade @@ -38,7 +38,7 @@ profile unattended-upgrade @{exec_path} flags=(attach_disconnected) { @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/echo rix, @{bin}/gdbus rix, @{bin}/ischroot rix, diff --git a/apparmor.d/groups/browsers/brave-wrapper b/apparmor.d/groups/browsers/brave-wrapper index bc78f4ef..69faa298 100644 --- a/apparmor.d/groups/browsers/brave-wrapper +++ b/apparmor.d/groups/browsers/brave-wrapper @@ -17,7 +17,7 @@ profile brave-wrapper @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/dirname rix, @{bin}/mkdir rix, diff --git a/apparmor.d/groups/browsers/chrome-wrapper b/apparmor.d/groups/browsers/chrome-wrapper index ab2ba015..54a7e7d1 100644 --- a/apparmor.d/groups/browsers/chrome-wrapper +++ b/apparmor.d/groups/browsers/chrome-wrapper @@ -16,7 +16,7 @@ profile chrome-wrapper @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/dirname rix, @{bin}/mkdir rix, diff --git a/apparmor.d/groups/browsers/chromium-wrapper b/apparmor.d/groups/browsers/chromium-wrapper index 3d882e9f..f3037f5b 100644 --- a/apparmor.d/groups/browsers/chromium-wrapper +++ b/apparmor.d/groups/browsers/chromium-wrapper @@ -16,7 +16,7 @@ profile chromium-wrapper @{exec_path} { @{lib}/chromium/chromium rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/cat rix, @{bin}/cut rix, 
diff --git a/apparmor.d/groups/browsers/firefox b/apparmor.d/groups/browsers/firefox index bcb6611a..57982e4b 100644 --- a/apparmor.d/groups/browsers/firefox +++ b/apparmor.d/groups/browsers/firefox @@ -83,7 +83,7 @@ profile firefox @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/expr rix, diff --git a/apparmor.d/groups/bus/ibus-daemon b/apparmor.d/groups/bus/ibus-daemon index edf47c3e..13eadbce 100644 --- a/apparmor.d/groups/bus/ibus-daemon +++ b/apparmor.d/groups/bus/ibus-daemon @@ -35,7 +35,7 @@ profile ibus-daemon @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/{,ibus/}ibus-* rPUx, /usr/share/ibus/{,**} r, diff --git a/apparmor.d/groups/bus/ibus-engine-table b/apparmor.d/groups/bus/ibus-engine-table index e7d0adc4..4addd158 100644 --- a/apparmor.d/groups/bus/ibus-engine-table +++ b/apparmor.d/groups/bus/ibus-engine-table @@ -13,7 +13,7 @@ profile ibus-engine-table @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/python3.@{int} rix, /usr/share/ibus-table/engine/{,**} r, diff --git a/apparmor.d/groups/children/child-open b/apparmor.d/groups/children/child-open index 4f6d09bf..8a95962d 100644 --- a/apparmor.d/groups/children/child-open +++ b/apparmor.d/groups/children/child-open @@ -31,7 +31,7 @@ profile child-open { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,m,g}awk rix, @{bin}/basename rix, @{bin}/readlink rix, diff --git a/apparmor.d/groups/cron/cron b/apparmor.d/groups/cron/cron index d92f9392..118e951e 100644 --- a/apparmor.d/groups/cron/cron +++ b/apparmor.d/groups/cron/cron @@ -28,7 +28,7 @@ profile cron @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/nice rix, @{bin}/ionice rix, @{bin}/exim4 rPx, 
diff --git a/apparmor.d/groups/cron/cron-anacron b/apparmor.d/groups/cron/cron-anacron index 7e77f28d..6f7e34d7 100644 --- a/apparmor.d/groups/cron/cron-anacron +++ b/apparmor.d/groups/cron/cron-anacron @@ -13,7 +13,7 @@ profile cron-anacron @{exec_path} { @{exec_path} r, @{bin}/anacron rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/date rix, diff --git a/apparmor.d/groups/cron/cron-apport b/apparmor.d/groups/cron/cron-apport index 9fd62eef..43766c8d 100644 --- a/apparmor.d/groups/cron/cron-apport +++ b/apparmor.d/groups/cron/cron-apport @@ -12,7 +12,7 @@ profile cron-apport @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/find rix, @{bin}/rm rix, diff --git a/apparmor.d/groups/cron/cron-apt b/apparmor.d/groups/cron/cron-apt index 44a1f04d..c2d80609 100644 --- a/apparmor.d/groups/cron/cron-apt +++ b/apparmor.d/groups/cron/cron-apt @@ -17,7 +17,7 @@ profile cron-apt @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dotlockfile rix, @{bin}/sed rix, @{bin}/mktemp rix, diff --git a/apparmor.d/groups/cron/cron-apt-compat b/apparmor.d/groups/cron/cron-apt-compat index af7f3342..62ebfb76 100644 --- a/apparmor.d/groups/cron/cron-apt-compat +++ b/apparmor.d/groups/cron/cron-apt-compat @@ -12,7 +12,7 @@ profile cron-apt-compat @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/on_ac_power rPx, diff --git a/apparmor.d/groups/cron/cron-apt-listbugs b/apparmor.d/groups/cron/cron-apt-listbugs index 601b6f87..a07eac77 100644 --- a/apparmor.d/groups/cron/cron-apt-listbugs +++ b/apparmor.d/groups/cron/cron-apt-listbugs @@ -12,7 +12,7 @@ profile cron-apt-listbugs @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/ruby/vendor_ruby/aptlistbugs/prefclean rCx -> prefclean, 
@@ -24,7 +24,7 @@ profile cron-apt-listbugs @{exec_path} { @{lib}/ruby/vendor_ruby/aptlistbugs/prefclean mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mktemp rix, @{bin}/rm rix, @{bin}/cp rix, diff --git a/apparmor.d/groups/cron/cron-apt-show-versions b/apparmor.d/groups/cron/cron-apt-show-versions index e5fa980e..2b6b0c13 100644 --- a/apparmor.d/groups/cron/cron-apt-show-versions +++ b/apparmor.d/groups/cron/cron-apt-show-versions @@ -12,7 +12,7 @@ profile cron-apt-show-versions @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/apt-show-versions rPx, diff --git a/apparmor.d/groups/cron/cron-apt-xapian-index b/apparmor.d/groups/cron/cron-apt-xapian-index index 0c66bf06..ce350207 100644 --- a/apparmor.d/groups/cron/cron-apt-xapian-index +++ b/apparmor.d/groups/cron/cron-apt-xapian-index @@ -12,7 +12,7 @@ profile cron-apt-xapian-index @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/groups/cron/cron-aptitude b/apparmor.d/groups/cron/cron-aptitude index 05f9ba71..6157928d 100644 --- a/apparmor.d/groups/cron/cron-aptitude +++ b/apparmor.d/groups/cron/cron-aptitude @@ -12,7 +12,7 @@ profile cron-aptitude @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cp rix, @{bin}/date rix, diff --git a/apparmor.d/groups/cron/cron-cracklib b/apparmor.d/groups/cron/cron-cracklib index aaf88573..caf58b9c 100644 --- a/apparmor.d/groups/cron/cron-cracklib +++ b/apparmor.d/groups/cron/cron-cracklib @@ -13,7 +13,7 @@ profile cron-cracklib @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/logger rix, @{bin}/update-cracklib rPx, diff --git a/apparmor.d/groups/cron/cron-debsums b/apparmor.d/groups/cron/cron-debsums index 2c2fc2a0..9598e526 100644 --- a/apparmor.d/groups/cron/cron-debsums +++ b/apparmor.d/groups/cron/cron-debsums 
@@ -13,7 +13,7 @@ profile cron-debsums @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/true rix, @{bin}/logger rix, @{bin}/sed rix, diff --git a/apparmor.d/groups/cron/cron-debtags b/apparmor.d/groups/cron/cron-debtags index 0befbbfb..325ca059 100644 --- a/apparmor.d/groups/cron/cron-debtags +++ b/apparmor.d/groups/cron/cron-debtags @@ -12,7 +12,7 @@ profile cron-debtags @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /usr/bin/debtags rPx, diff --git a/apparmor.d/groups/cron/cron-dlocate b/apparmor.d/groups/cron/cron-dlocate index 424e539a..337453a1 100644 --- a/apparmor.d/groups/cron/cron-dlocate +++ b/apparmor.d/groups/cron/cron-dlocate @@ -12,7 +12,7 @@ profile cron-dlocate @{exec_path} { include @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/update-dlocatedb rPx, diff --git a/apparmor.d/groups/cron/cron-etckeeper b/apparmor.d/groups/cron/cron-etckeeper index b56e3691..3d9b4c72 100644 --- a/apparmor.d/groups/cron/cron-etckeeper +++ b/apparmor.d/groups/cron/cron-etckeeper @@ -13,7 +13,7 @@ profile cron-etckeeper @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/rm rix, @{bin}/find rix, @{bin}/etckeeper rPx, diff --git a/apparmor.d/groups/cron/cron-exim4-base b/apparmor.d/groups/cron/cron-exim4-base index 6ef57190..61a51892 100644 --- a/apparmor.d/groups/cron/cron-exim4-base +++ b/apparmor.d/groups/cron/cron-exim4-base @@ -25,7 +25,7 @@ profile cron-exim4-base @{exec_path} { network netlink raw, @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/sed rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/groups/cron/cron-ipset-autoban-save b/apparmor.d/groups/cron/cron-ipset-autoban-save index 2a3cb0c8..a181ea09 100644 --- a/apparmor.d/groups/cron/cron-ipset-autoban-save +++ b/apparmor.d/groups/cron/cron-ipset-autoban-save 
@@ -13,7 +13,7 @@ profile cron-ipset-autoban-save @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ipset rix, diff --git a/apparmor.d/groups/cron/cron-logrotate b/apparmor.d/groups/cron/cron-logrotate index 3d8b8988..3d4aa2d2 100644 --- a/apparmor.d/groups/cron/cron-logrotate +++ b/apparmor.d/groups/cron/cron-logrotate @@ -12,7 +12,7 @@ profile cron-logrotate @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/logrotate rPx, diff --git a/apparmor.d/groups/cron/cron-man-db b/apparmor.d/groups/cron/cron-man-db index 1873f390..979f4e35 100644 --- a/apparmor.d/groups/cron/cron-man-db +++ b/apparmor.d/groups/cron/cron-man-db @@ -17,7 +17,7 @@ profile cron-man-db @{exec_path} { capability setuid, @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/start-stop-daemon rix, diff --git a/apparmor.d/groups/cron/cron-mlocate b/apparmor.d/groups/cron/cron-mlocate index 8ec3ef6c..87ecc04f 100644 --- a/apparmor.d/groups/cron/cron-mlocate +++ b/apparmor.d/groups/cron/cron-mlocate @@ -13,7 +13,7 @@ profile cron-mlocate @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, @{bin}/true rix, diff --git a/apparmor.d/groups/cron/cron-plocate b/apparmor.d/groups/cron/cron-plocate index caa138cf..298b2f91 100644 --- a/apparmor.d/groups/cron/cron-plocate +++ b/apparmor.d/groups/cron/cron-plocate @@ -13,7 +13,7 @@ profile cron-plocate @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, @{bin}/true rix, diff --git a/apparmor.d/groups/cron/cron-popularity-contest b/apparmor.d/groups/cron/cron-popularity-contest index 4f1c1816..8b68895e 100644 --- a/apparmor.d/groups/cron/cron-popularity-contest +++ b/apparmor.d/groups/cron/cron-popularity-contest 
@@ -12,23 +12,24 @@ profile cron-popularity-contest @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/popularity-contest rPx, - @{bin}/logger rix, - @{bin}/date rix, - @{bin}/mktemp rix, - @{bin}/mkdir rix, - @{bin}/rm rix, - @{bin}/mv rix, @{bin}/cat rix, + @{bin}/date rix, + @{bin}/grep rix, + @{bin}/logger rix, + @{bin}/mkdir rix, + @{bin}/mktemp rix, + @{bin}/mv rix, + @{bin}/rm rix, @{bin}/setsid rix, # To send reports via TOR @{bin}/torify rix, @{bin}/torsocks rix, - @{bin}/getcap rix, + @{bin}/getcap rix, /usr/share/popularity-contest/popcon-upload rCx -> popcon-upload, @{bin}/gpg{,2} rCx -> gpg, @@ -74,7 +75,7 @@ profile cron-popularity-contest @{exec_path} { @{bin}/touch rix, @{bin}/gzip rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /var/log/ r, /var/log/popularity-contest.[0-9]*.gz rw, @@ -94,7 +95,7 @@ profile cron-popularity-contest @{exec_path} { @{bin}/runuser mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/popularity-contest rPx, diff --git a/apparmor.d/groups/cron/cron-sysstat b/apparmor.d/groups/cron/cron-sysstat index 397ddf72..07eb431c 100644 --- a/apparmor.d/groups/cron/cron-sysstat +++ b/apparmor.d/groups/cron/cron-sysstat @@ -13,7 +13,7 @@ profile cron-sysstat @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/sysstat/sa2 rPx, /etc/default/sysstat r, diff --git a/apparmor.d/groups/cron/crontab b/apparmor.d/groups/cron/crontab index 32786a1c..86bac655 100644 --- a/apparmor.d/groups/cron/crontab +++ b/apparmor.d/groups/cron/crontab @@ -18,7 +18,7 @@ profile crontab @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, # When editing the crontab file @{bin}/sensible-editor rCx -> editor, @@ -42,7 +42,7 @@ profile crontab @{exec_path} { @{bin}/sensible-editor mr, @{bin}/vim.* mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, owner @{HOME}/.selected_editor r, 
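Review bot: The new `@{bin}/grep rix,` rule in the first cron-popularity-contest hunk is a permission addition folded into what is otherwise a mechanical rename and alphabetical re-sort, so it is easy to miss in review. A short comment above it, such as `# grep is called by the cron script` (wording to be confirmed against the script), would record why the rule was added. Other profiles in this change use `@{bin}/{,e}grep rix,`, so it is also worth checking that plain grep is the only variant needed here. The profile body continues outside the hunk.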
diff --git a/apparmor.d/groups/freedesktop/cpupower b/apparmor.d/groups/freedesktop/cpupower index b0872324..6c9e65ee 100644 --- a/apparmor.d/groups/freedesktop/cpupower +++ b/apparmor.d/groups/freedesktop/cpupower @@ -20,7 +20,7 @@ profile cpupower @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/kmod rCx -> kmod, @{bin}/man rPx, diff --git a/apparmor.d/groups/freedesktop/plymouth-set-default-theme b/apparmor.d/groups/freedesktop/plymouth-set-default-theme index 938987ee..de2c37b2 100644 --- a/apparmor.d/groups/freedesktop/plymouth-set-default-theme +++ b/apparmor.d/groups/freedesktop/plymouth-set-default-theme @@ -13,7 +13,7 @@ profile plymouth-set-default-theme @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/grep rix, @{bin}/plymouth rPx, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-menu b/apparmor.d/groups/freedesktop/xdg-desktop-menu index 25eed141..5c2533c3 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-menu +++ b/apparmor.d/groups/freedesktop/xdg-desktop-menu @@ -15,7 +15,7 @@ profile xdg-desktop-menu @{exec_path} flags=(complain) { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mkdir rix, @{bin}/sed rix, @{bin}/cut rix, diff --git a/apparmor.d/groups/freedesktop/xdg-desktop-portal b/apparmor.d/groups/freedesktop/xdg-desktop-portal index 108d1986..ddd6fab0 100644 --- a/apparmor.d/groups/freedesktop/xdg-desktop-portal +++ b/apparmor.d/groups/freedesktop/xdg-desktop-portal @@ -54,7 +54,7 @@ profile xdg-desktop-portal @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/nautilus rPx, @{bin}/snap rPUx, diff --git a/apparmor.d/groups/freedesktop/xdg-email b/apparmor.d/groups/freedesktop/xdg-email index 63525c64..bb84806e 100644 --- a/apparmor.d/groups/freedesktop/xdg-email +++ b/apparmor.d/groups/freedesktop/xdg-email 
@@ -13,16 +13,19 @@ profile xdg-email @{exec_path} flags=(complain) { @{exec_path} r, - @{bin}/{,ba,da}sh rix, - @{bin}/{,e}grep rix, - @{bin}/basename rix, - @{bin}/cut rix, - @{bin}/gio rPx, - @{bin}/readlink rix, - @{bin}/sed rix, - @{bin}/which rix, - @{bin}/xdg-mime rPx, - + @{sh_path} rix, + @{bin}/{,e}grep rix, + @{bin}/{m,g,}awk rix, + @{bin}/basename rix, + @{bin}/cut rix, + @{bin}/echo rix, + @{bin}/gio rPx, + @{bin}/kreadconfig5 rPx, + @{bin}/readlink rix, + @{bin}/sed rix, + @{bin}/tail rix, + @{bin}/which{,.debianutils} rix, + @{bin}/xdg-mime rPx, @{thunderbird_path} rPx, owner /dev/tty@{int} rw, diff --git a/apparmor.d/groups/freedesktop/xdg-icon-resource b/apparmor.d/groups/freedesktop/xdg-icon-resource index 1a79039a..912c1835 100644 --- a/apparmor.d/groups/freedesktop/xdg-icon-resource +++ b/apparmor.d/groups/freedesktop/xdg-icon-resource @@ -15,7 +15,7 @@ profile xdg-icon-resource @{exec_path} flags=(attach_disconnected) { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/whoami rix, @{bin}/sed rix, diff --git a/apparmor.d/groups/freedesktop/xdg-mime b/apparmor.d/groups/freedesktop/xdg-mime index acbab312..c7a0a253 100644 --- a/apparmor.d/groups/freedesktop/xdg-mime +++ b/apparmor.d/groups/freedesktop/xdg-mime @@ -14,7 +14,7 @@ profile xdg-mime @{exec_path} flags=(attach_disconnected) { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/freedesktop/xdg-open b/apparmor.d/groups/freedesktop/xdg-open index c2b96d79..b0b239ac 100644 --- a/apparmor.d/groups/freedesktop/xdg-open +++ b/apparmor.d/groups/freedesktop/xdg-open @@ -15,7 +15,7 @@ profile xdg-open @{exec_path} flags=(attach_disconnected) { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/sed rix, @{bin}/cut rix, 
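Review bot: `@{bin}/kreadconfig5 rPx,` in the xdg-email hunk needs a loaded profile for kreadconfig5, because a `Px` transition with no matching target makes the exec fail once the profile is enforced; no such profile is visible in this diff, so confirm one ships, or fall back to `@{bin}/kreadconfig5 rix,`. The hunk also adds awk, echo, tail and `which{,.debianutils}` alongside the `@{sh_path}` rename, which widens the profile beyond what the rename implies and deserves its own mention in the commit message. Since the profile is still `flags=(complain)`, a missing transition target would probably only surface in the logs until that flag is removed. The profile body continues outside the hunk.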
diff --git a/apparmor.d/groups/freedesktop/xdg-screensaver b/apparmor.d/groups/freedesktop/xdg-screensaver index 2927b7c7..af03c344 100644 --- a/apparmor.d/groups/freedesktop/xdg-screensaver +++ b/apparmor.d/groups/freedesktop/xdg-screensaver @@ -16,7 +16,7 @@ profile xdg-screensaver @{exec_path} { @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mv rix, @{bin}/{,e}grep rix, @{bin}/sed rix, diff --git a/apparmor.d/groups/freedesktop/xdg-settings b/apparmor.d/groups/freedesktop/xdg-settings index 80c8e657..f5030b0d 100644 --- a/apparmor.d/groups/freedesktop/xdg-settings +++ b/apparmor.d/groups/freedesktop/xdg-settings @@ -14,7 +14,7 @@ profile xdg-settings @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/basename rix, @{bin}/cat rix, diff --git a/apparmor.d/groups/freedesktop/xdg-user-dir b/apparmor.d/groups/freedesktop/xdg-user-dir index 51bd9e9e..7404dc40 100644 --- a/apparmor.d/groups/freedesktop/xdg-user-dir +++ b/apparmor.d/groups/freedesktop/xdg-user-dir @@ -12,7 +12,7 @@ profile xdg-user-dir @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/env rix, owner @{user_config_dirs}/user-dirs.dirs r, diff --git a/apparmor.d/groups/freedesktop/xorg b/apparmor.d/groups/freedesktop/xorg index 717178a5..4fb448c6 100644 --- a/apparmor.d/groups/freedesktop/xorg +++ b/apparmor.d/groups/freedesktop/xorg @@ -45,7 +45,7 @@ profile xorg @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/xkbcomp rPx, @{bin}/pkexec rPx, diff --git a/apparmor.d/groups/freedesktop/xrdb b/apparmor.d/groups/freedesktop/xrdb index f995d4fc..c57e61d4 100644 --- a/apparmor.d/groups/freedesktop/xrdb +++ b/apparmor.d/groups/freedesktop/xrdb 
@@ -17,7 +17,7 @@ profile xrdb @{exec_path} { @{exec_path} mr, @{bin}/{,*-}cpp-[0-9]* rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cpp rix, @{lib}/gcc/@{multiarch}/@{int}*/cc1 rix, @{lib}/llvm-[0-9]*/bin/clang rix, diff --git a/apparmor.d/groups/freedesktop/xwayland b/apparmor.d/groups/freedesktop/xwayland index e8337c13..5f52fdb6 100644 --- a/apparmor.d/groups/freedesktop/xwayland +++ b/apparmor.d/groups/freedesktop/xwayland @@ -23,7 +23,7 @@ profile xwayland @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/xkbcomp rPx, /usr/share/fonts/{,**} r, diff --git a/apparmor.d/groups/gnome/gdm b/apparmor.d/groups/gnome/gdm index 62cc86e2..64a0b27a 100644 --- a/apparmor.d/groups/gnome/gdm +++ b/apparmor.d/groups/gnome/gdm @@ -47,7 +47,7 @@ profile gdm @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/pidof rPx, @{bin}/plymouth rPx, @{bin}/prime-switch rPUx, diff --git a/apparmor.d/groups/gnome/gdm-generate-config b/apparmor.d/groups/gnome/gdm-generate-config index 9a21a573..3d277728 100644 --- a/apparmor.d/groups/gnome/gdm-generate-config +++ b/apparmor.d/groups/gnome/gdm-generate-config @@ -20,7 +20,7 @@ profile gdm-generate-config @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dconf rix, @{bin}/install rix, @{bin}/pgrep rix, diff --git a/apparmor.d/groups/gnome/gdm-wayland-session b/apparmor.d/groups/gnome/gdm-wayland-session index f002c721..e1ad3f5e 100644 --- a/apparmor.d/groups/gnome/gdm-wayland-session +++ b/apparmor.d/groups/gnome/gdm-wayland-session @@ -32,7 +32,7 @@ profile gdm-wayland-session @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/env rix, @{bin}/gettext rix, diff --git a/apparmor.d/groups/gnome/gdm-xsession b/apparmor.d/groups/gnome/gdm-xsession index d8624f24..f3f42649 100644 --- a/apparmor.d/groups/gnome/gdm-xsession 
+++ b/apparmor.d/groups/gnome/gdm-xsession @@ -17,7 +17,7 @@ profile gdm-xsession @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/cat rix, diff --git a/apparmor.d/groups/gnome/gnome-extension-ding b/apparmor.d/groups/gnome/gnome-extension-ding index 389890e8..92cefd7c 100644 --- a/apparmor.d/groups/gnome/gnome-extension-ding +++ b/apparmor.d/groups/gnome/gnome-extension-ding @@ -50,7 +50,7 @@ profile gnome-extension-ding @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/env rix, @{bin}/gjs-console rix, @{bin}/gnome-control-center rPx, diff --git a/apparmor.d/groups/gnome/gnome-extension-gsconnect b/apparmor.d/groups/gnome/gnome-extension-gsconnect index d5aae9d9..74ef535b 100644 --- a/apparmor.d/groups/gnome/gnome-extension-gsconnect +++ b/apparmor.d/groups/gnome/gnome-extension-gsconnect @@ -35,7 +35,7 @@ profile gnome-extension-gsconnect @{exec_path} { @{bin}/env rix, @{bin}/gjs-console rix, @{bin}/openssl rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ssh-add rix, @{bin}/ssh-keygen rPx, diff --git a/apparmor.d/groups/gnome/gnome-extensions-app b/apparmor.d/groups/gnome/gnome-extensions-app index 6ea3d17b..a7aac540 100644 --- a/apparmor.d/groups/gnome/gnome-extensions-app +++ b/apparmor.d/groups/gnome/gnome-extensions-app @@ -16,7 +16,7 @@ profile gnome-extensions-app @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gjs-console rix, @{open_path} rPx -> child-open, diff --git a/apparmor.d/groups/gnome/nautilus b/apparmor.d/groups/gnome/nautilus index 72b0c8d8..b0018819 100644 --- a/apparmor.d/groups/gnome/nautilus +++ b/apparmor.d/groups/gnome/nautilus @@ -75,7 +75,7 @@ profile nautilus @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/bwrap rPUx, @{bin}/file-roller rPx, @{bin}/firejail rPUx, 
diff --git a/apparmor.d/groups/grub/grub-check-signatures b/apparmor.d/groups/grub/grub-check-signatures index 13f49041..f34135c8 100644 --- a/apparmor.d/groups/grub/grub-check-signatures +++ b/apparmor.d/groups/grub/grub-check-signatures @@ -13,7 +13,7 @@ profile grub-check-signatures @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}//mktemp rix, @{bin}//od rix, diff --git a/apparmor.d/groups/grub/grub-install b/apparmor.d/groups/grub/grub-install index 85d0177f..efbca26f 100644 --- a/apparmor.d/groups/grub/grub-install +++ b/apparmor.d/groups/grub/grub-install @@ -18,7 +18,7 @@ profile grub-install @{exec_path} flags=(complain) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/efibootmgr rix, @{bin}/kmod rPx, @{bin}/lsb_release rPx -> lsb_release, diff --git a/apparmor.d/groups/grub/grub-mkconfig b/apparmor.d/groups/grub/grub-mkconfig index e738ebf3..a3f842fd 100644 --- a/apparmor.d/groups/grub/grub-mkconfig +++ b/apparmor.d/groups/grub/grub-mkconfig @@ -21,7 +21,7 @@ profile grub-mkconfig @{exec_path} flags=(attach_disconnected) { /{usr/,}{local/,}{s,}bin/zpool rPx, @{bin}/dmsetup rPUx, @{bin}/grub-probe rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{e,f,}grep rix, @{bin}/{m,g,}awk rix, @{bin}/basename rix, diff --git a/apparmor.d/groups/grub/grub-multi-install b/apparmor.d/groups/grub/grub-multi-install index 4b8cfc83..e0c2b1aa 100644 --- a/apparmor.d/groups/grub/grub-multi-install +++ b/apparmor.d/groups/grub/grub-multi-install @@ -14,7 +14,7 @@ profile grub-multi-install @{exec_path} { @{exec_path} mr, @{bin}/grub-install rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/cat rix, @{bin}/cut rix, diff --git a/apparmor.d/groups/grub/update-grub b/apparmor.d/groups/grub/update-grub index 0538002b..a9353519 100644 --- a/apparmor.d/groups/grub/update-grub +++ b/apparmor.d/groups/grub/update-grub 
@@ -14,7 +14,7 @@ profile update-grub @{exec_path} { capability dac_read_search, @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/grub-mkconfig rPx, /dev/tty@{int} rw, diff --git a/apparmor.d/groups/gvfs/gvfsd b/apparmor.d/groups/gvfs/gvfsd index f7ceff88..ca821bfb 100644 --- a/apparmor.d/groups/gvfs/gvfsd +++ b/apparmor.d/groups/gvfs/gvfsd @@ -46,7 +46,7 @@ profile gvfsd @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/{,gvfs/}gvfsd-* rpx, /usr/share/gvfs/{,**} r, diff --git a/apparmor.d/groups/kde/kconf_update b/apparmor.d/groups/kde/kconf_update index d9626330..69ea74e1 100644 --- a/apparmor.d/groups/kde/kconf_update +++ b/apparmor.d/groups/kde/kconf_update @@ -20,7 +20,7 @@ profile kconf_update @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,p}grep rix, @{bin}/python3.@{int} rix, @{bin}/qtpaths rix, diff --git a/apparmor.d/groups/kde/kde-powerdevil b/apparmor.d/groups/kde/kde-powerdevil index 64f2a209..08d70f45 100644 --- a/apparmor.d/groups/kde/kde-powerdevil +++ b/apparmor.d/groups/kde/kde-powerdevil @@ -19,7 +19,7 @@ profile kde-powerdevil @{exec_path} flags=(attach_disconnected mediate_deleted) @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/find rix, @{bin}/grep rix, @{bin}/kcminit rPx, diff --git a/apparmor.d/groups/kde/kwin_x11 b/apparmor.d/groups/kde/kwin_x11 index 1fb8d333..c9b68720 100644 --- a/apparmor.d/groups/kde/kwin_x11 +++ b/apparmor.d/groups/kde/kwin_x11 @@ -23,7 +23,7 @@ profile kwin_x11 @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/kwin_killer_helper rix, @{lib}/drkonqi rPx, diff --git a/apparmor.d/groups/kde/pam_kwallet_init b/apparmor.d/groups/kde/pam_kwallet_init index d3784c4a..2ba25c82 100644 --- a/apparmor.d/groups/kde/pam_kwallet_init +++ b/apparmor.d/groups/kde/pam_kwallet_init 
@@ -12,7 +12,7 @@ profile pam_kwallet_init @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/env rix, @{bin}/socat rix, diff --git a/apparmor.d/groups/kde/plasma-discover b/apparmor.d/groups/kde/plasma-discover index 2bc49cd3..c023d023 100644 --- a/apparmor.d/groups/kde/plasma-discover +++ b/apparmor.d/groups/kde/plasma-discover @@ -28,7 +28,7 @@ profile plasma-discover @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/kreadconfig5 rPx, @{bin}/gpg rCx -> gpg, diff --git a/apparmor.d/groups/kde/sddm b/apparmor.d/groups/kde/sddm index 2a41b063..4d0bbb45 100644 --- a/apparmor.d/groups/kde/sddm +++ b/apparmor.d/groups/kde/sddm @@ -50,7 +50,7 @@ profile sddm @{exec_path} flags=(attach_disconnected,mediate_deleted) { @{lib}/sddm/sddm-helper-start-wayland rix, @{lib}/sddm/sddm-helper-start-x11user rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/checkproc rix, @{bin}/disable-paste rix, diff --git a/apparmor.d/groups/kde/sddm-xsession b/apparmor.d/groups/kde/sddm-xsession index 5afb8e8f..c71f1940 100644 --- a/apparmor.d/groups/kde/sddm-xsession +++ b/apparmor.d/groups/kde/sddm-xsession @@ -18,7 +18,7 @@ profile sddm-xsession @{exec_path} { @{exec_path} r, /{usr/,}{local,}bin/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/cat rix, 
@@ -85,5 +85,39 @@ profile sddm-xsession @{exec_path} { include if exists } + profile gpg { + include + include + include + include + + capability dac_read_search, + + network inet stream, + network inet6 stream, + network inet dgram, + network inet6 dgram, + + @{bin}/gpg{,2} mr, + @{bin}/gpgconf mr, + @{bin}/gpgsm mr, + + @{bin}/dirmngr rix, + @{bin}/gpg-agent rPx, + @{bin}/gpg-connect-agent rix, + + @{HOME}/@{XDG_GPG_DIR}/*.conf r, + + @{PROC}/@{pid}/fd/ r, + @{PROC}/@{pid}/task/@{tid}/comm rw, + + /dev/tty@{int} rw, + owner /dev/pts/@{int} rw, + + deny @{user_share_dirs}/sddm/* rw, + + include if exists + } + include if exists } diff --git a/apparmor.d/groups/kde/xdm-xsession b/apparmor.d/groups/kde/xdm-xsession index 6db46fd0..a1a063d2 100644 --- a/apparmor.d/groups/kde/xdm-xsession +++ b/apparmor.d/groups/kde/xdm-xsession @@ -18,7 +18,7 @@ profile xdm-xsession @{exec_path} { @{exec_path} mr, @{bin}/checkproc rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/cat rix, @{bin}/dirname rix, diff --git a/apparmor.d/groups/network/NetworkManager b/apparmor.d/groups/network/NetworkManager index f4a392de..2ffe3a0c 100644 --- a/apparmor.d/groups/network/NetworkManager +++ b/apparmor.d/groups/network/NetworkManager @@ -67,7 +67,7 @@ profile NetworkManager @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/nft rix, @{bin}/dnsmasq rPx, diff --git a/apparmor.d/groups/network/dhcpcd b/apparmor.d/groups/network/dhcpcd index 6b93b30e..12b5e17f 100644 --- a/apparmor.d/groups/network/dhcpcd +++ b/apparmor.d/groups/network/dhcpcd @@ -30,7 +30,7 @@ profile dhcpcd @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/chmod rix, @{bin}/cmp rix, diff --git a/apparmor.d/groups/network/mullvad-gui b/apparmor.d/groups/network/mullvad-gui index 6e5ca58b..7789b88e 100644 --- a/apparmor.d/groups/network/mullvad-gui 
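Review bot: The new `profile gpg { … }` child in the sddm-xsession hunk grants `capability dac_read_search,` and four `network inet/inet6 stream/dgram` rules, while its only file reads are `@{HOME}/@{XDG_GPG_DIR}/*.conf r,` and `/proc` entries. A capability that bypasses read and search permission checks is hard to justify from what the hunk shows, and it is inherited by `dirmngr` and `gpg-connect-agent` through `rix`. I would drop the capability unless a logged denial requires it, and otherwise add a why-comment next to it. Neither sddm-xsession hunk adds a rule that enters the child, so unless the parent already has one outside the hunks (the parent body is mostly not visible here), the subprofile is unreachable; claws-mail's context shows the form to use, `@{bin}/gpg{,2} rCx -> gpg,`.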
+++ b/apparmor.d/groups/network/mullvad-gui @@ -36,7 +36,7 @@ profile mullvad-gui @{exec_path} flags=(attach_disconnected) { "/opt/Mullvad VPN/*.so*" mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gsettings rix, @{bin}/xdg-open rPx, diff --git a/apparmor.d/groups/network/nm-dispatcher b/apparmor.d/groups/network/nm-dispatcher index 1cd2ba2e..c5d05678 100644 --- a/apparmor.d/groups/network/nm-dispatcher +++ b/apparmor.d/groups/network/nm-dispatcher @@ -24,7 +24,7 @@ profile nm-dispatcher @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/chronyc rPUx, @{bin}/date rix, diff --git a/apparmor.d/groups/network/nm-openvpn-service b/apparmor.d/groups/network/nm-openvpn-service index 7e45b548..3bb9fba4 100644 --- a/apparmor.d/groups/network/nm-openvpn-service +++ b/apparmor.d/groups/network/nm-openvpn-service @@ -18,7 +18,7 @@ profile nm-openvpn-service @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/kmod rPx, @{bin}/openvpn rPx, @{lib}/{,NetworkManager/}nm-openvpn-auth-dialog rPx, diff --git a/apparmor.d/groups/network/openvpn b/apparmor.d/groups/network/openvpn index 71649919..f6967a10 100644 --- a/apparmor.d/groups/network/openvpn +++ b/apparmor.d/groups/network/openvpn @@ -82,7 +82,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) { /etc/openvpn/update-resolv-conf.sh r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cut rix, @{bin}/ip rix, @{bin}/which{,.debianutils} rix, @@ -106,7 +106,7 @@ profile openvpn @{exec_path} flags=(attach_disconnected) { /etc/openvpn/ r, /etc/openvpn/force-user-traffic-via-vpn.sh r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/cut rix, @{bin}/env rix, diff --git a/apparmor.d/groups/network/wg-quick b/apparmor.d/groups/network/wg-quick index 7af37a53..bb07999a 100644 --- a/apparmor.d/groups/network/wg-quick +++ b/apparmor.d/groups/network/wg-quick 
@@ -16,7 +16,7 @@ profile wg-quick @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/ip rPx, @{bin}/nft rix, diff --git a/apparmor.d/groups/pacman/aurpublish b/apparmor.d/groups/pacman/aurpublish index 433375b4..8fe36e3d 100644 --- a/apparmor.d/groups/pacman/aurpublish +++ b/apparmor.d/groups/pacman/aurpublish @@ -23,7 +23,7 @@ profile aurpublish @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/chmod rix, @{bin}/curl rix, diff --git a/apparmor.d/groups/pacman/pacdiff b/apparmor.d/groups/pacman/pacdiff index 8c551cc7..3fc9fe6b 100644 --- a/apparmor.d/groups/pacman/pacdiff +++ b/apparmor.d/groups/pacman/pacdiff @@ -18,7 +18,7 @@ profile pacdiff @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/cat rix, @{bin}/cmp rix, diff --git a/apparmor.d/groups/pacman/pacman-hook-gtk4-querymodules b/apparmor.d/groups/pacman/pacman-hook-gtk4-querymodules index cb21eb98..06fbbade 100644 --- a/apparmor.d/groups/pacman/pacman-hook-gtk4-querymodules +++ b/apparmor.d/groups/pacman/pacman-hook-gtk4-querymodules @@ -14,7 +14,7 @@ profile pacman-hook-gtk4-querymodules @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh r, + @{sh_path} r, @{bin}/rmdir rix, @{bin}/gio-querymodules rPx, diff --git a/apparmor.d/groups/ssh/ssh-agent b/apparmor.d/groups/ssh/ssh-agent index 5708c917..0070d955 100644 --- a/apparmor.d/groups/ssh/ssh-agent +++ b/apparmor.d/groups/ssh/ssh-agent @@ -18,7 +18,7 @@ profile ssh-agent @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/enlightenment_start rPUx, @{bin}/gpg-agent rPx, @{bin}/im-launch rPUx, diff --git a/apparmor.d/groups/systemd/systemd-generator-cloud-init b/apparmor.d/groups/systemd/systemd-generator-cloud-init index a79f2218..dd89ddf2 100644 --- a/apparmor.d/groups/systemd/systemd-generator-cloud-init 
+++ b/apparmor.d/groups/systemd/systemd-generator-cloud-init @@ -14,7 +14,7 @@ profile systemd-generator-cloud-init @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/systemd-detect-virt rPx, @{lib}/cloud-init/ds-identify rPUx, diff --git a/apparmor.d/groups/systemd/systemd-generator-ds-identify b/apparmor.d/groups/systemd/systemd-generator-ds-identify index 1f4d1874..f0a2b930 100644 --- a/apparmor.d/groups/systemd/systemd-generator-ds-identify +++ b/apparmor.d/groups/systemd/systemd-generator-ds-identify @@ -14,7 +14,7 @@ profile systemd-generator-ds-identify @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh r, + @{sh_path} r, @{bin}/uname rix, @{run}/cloud-init/.ds-identify.result r, diff --git a/apparmor.d/groups/systemd/systemd-generator-environment-arch b/apparmor.d/groups/systemd/systemd-generator-environment-arch index 5869c865..d544af8d 100644 --- a/apparmor.d/groups/systemd/systemd-generator-environment-arch +++ b/apparmor.d/groups/systemd/systemd-generator-environment-arch @@ -14,7 +14,7 @@ profile systemd-generator-environment-arch @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh r, + @{sh_path} r, include if exists } \ No newline at end of file diff --git a/apparmor.d/groups/systemd/systemd-generator-environment-flatpak b/apparmor.d/groups/systemd/systemd-generator-environment-flatpak index 3aabd412..665d2241 100644 --- a/apparmor.d/groups/systemd/systemd-generator-environment-flatpak +++ b/apparmor.d/groups/systemd/systemd-generator-environment-flatpak @@ -13,7 +13,7 @@ profile systemd-generator-environment-flatpak @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/flatpak rix, /usr/{local/,}share/gvfs/remote-volume-monitors/{,*} r, diff --git a/apparmor.d/groups/systemd/systemd-generator-user-environment b/apparmor.d/groups/systemd/systemd-generator-user-environment index 34b877ae..1a25124d 100644 
--- a/apparmor.d/groups/systemd/systemd-generator-user-environment +++ b/apparmor.d/groups/systemd/systemd-generator-user-environment @@ -14,7 +14,7 @@ profile systemd-generator-user-environment @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/flatpak rPUx, @{bin}/gpgconf rPx, @{bin}/{m,g,}awk rix, diff --git a/apparmor.d/groups/systemd/systemd-sleep-grub2 b/apparmor.d/groups/systemd/systemd-sleep-grub2 index 2ad64044..0749c939 100644 --- a/apparmor.d/groups/systemd/systemd-sleep-grub2 +++ b/apparmor.d/groups/systemd/systemd-sleep-grub2 @@ -12,7 +12,7 @@ profile systemd-sleep-grub @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/grep rix, @{bin}/uname rix, diff --git a/apparmor.d/groups/systemd/systemd-sleep-nvidia b/apparmor.d/groups/systemd/systemd-sleep-nvidia index 3e07d2b7..7a91f655 100644 --- a/apparmor.d/groups/systemd/systemd-sleep-nvidia +++ b/apparmor.d/groups/systemd/systemd-sleep-nvidia @@ -16,7 +16,7 @@ profile systemd-sleep-nvidia @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/nvidia-sleep.sh rix, @{bin}/chvt rix, @{bin}/cat rix, diff --git a/apparmor.d/groups/systemd/systemd-udevd b/apparmor.d/groups/systemd/systemd-udevd index 02d3155a..eedca52f 100644 --- a/apparmor.d/groups/systemd/systemd-udevd +++ b/apparmor.d/groups/systemd/systemd-udevd @@ -35,7 +35,7 @@ profile systemd-udevd @{exec_path} flags=(attach_disconnected,complain) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/*-print-pci-ids rix, @{bin}/alsactl rPUx, diff --git a/apparmor.d/groups/systemd/systemd-vconsole-setup b/apparmor.d/groups/systemd/systemd-vconsole-setup index b6c619c6..55a45f4f 100644 --- a/apparmor.d/groups/systemd/systemd-vconsole-setup +++ b/apparmor.d/groups/systemd/systemd-vconsole-setup 
@@ -21,7 +21,7 @@ profile systemd-vconsole-setup @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gzip rix, @{bin}/loadkeys rix, @{bin}/setfont rix, diff --git a/apparmor.d/groups/ubuntu/apport-gtk b/apparmor.d/groups/ubuntu/apport-gtk index ad34c68c..e81d4b76 100644 --- a/apparmor.d/groups/ubuntu/apport-gtk +++ b/apparmor.d/groups/ubuntu/apport-gtk @@ -33,7 +33,7 @@ profile apport-gtk @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{f,}grep rix, @{bin}/apt-cache rPx, @{bin}/cut rix, diff --git a/apparmor.d/groups/ubuntu/notify-reboot-required b/apparmor.d/groups/ubuntu/notify-reboot-required index 37954dbb..43c96e87 100644 --- a/apparmor.d/groups/ubuntu/notify-reboot-required +++ b/apparmor.d/groups/ubuntu/notify-reboot-required @@ -13,7 +13,7 @@ profile notify-reboot-required @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gettext rix, @{bin}/snap rPUx, diff --git a/apparmor.d/groups/ubuntu/notify-updates-outdated b/apparmor.d/groups/ubuntu/notify-updates-outdated index ced054d4..ad1531ce 100644 --- a/apparmor.d/groups/ubuntu/notify-updates-outdated +++ b/apparmor.d/groups/ubuntu/notify-updates-outdated @@ -13,7 +13,7 @@ profile notify-updates-outdated @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gettext rix, include if exists diff --git a/apparmor.d/groups/ubuntu/package-system-locked b/apparmor.d/groups/ubuntu/package-system-locked index 5031b678..111b2b8c 100644 --- a/apparmor.d/groups/ubuntu/package-system-locked +++ b/apparmor.d/groups/ubuntu/package-system-locked @@ -23,7 +23,7 @@ profile package-system-locked @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/fuser rix, @{PROC}/ r, diff --git a/apparmor.d/groups/ubuntu/release-upgrade-motd b/apparmor.d/groups/ubuntu/release-upgrade-motd index 1b044fcd..bff7570c 100644 
--- a/apparmor.d/groups/ubuntu/release-upgrade-motd +++ b/apparmor.d/groups/ubuntu/release-upgrade-motd @@ -12,7 +12,7 @@ profile release-upgrade-motd @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/date rix, @{bin}/expr rix, @{bin}/id rPx, diff --git a/apparmor.d/groups/ubuntu/update-manager b/apparmor.d/groups/ubuntu/update-manager index 188e19c4..305ed24c 100644 --- a/apparmor.d/groups/ubuntu/update-manager +++ b/apparmor.d/groups/ubuntu/update-manager @@ -40,7 +40,7 @@ profile update-manager @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dpkg rPx -> child-dpkg, @{bin}/hwe-support-status rPx, @{bin}/ischroot rix, diff --git a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot index 6566c48e..283e4e5f 100644 --- a/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot +++ b/apparmor.d/groups/ubuntu/update-motd-fsck-at-reboot @@ -13,7 +13,7 @@ profile update-motd-fsck-at-reboot @{exec_path} { @{exec_path} mr, @{bin}/dumpe2fs rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/cat rix, @{bin}/cut rix, diff --git a/apparmor.d/groups/ubuntu/update-motd-updates-available b/apparmor.d/groups/ubuntu/update-motd-updates-available index 2235433a..387afb69 100644 --- a/apparmor.d/groups/ubuntu/update-motd-updates-available +++ b/apparmor.d/groups/ubuntu/update-motd-updates-available @@ -21,7 +21,7 @@ profile update-motd-updates-available @{exec_path} { @{bin}/python3.@{int} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/apt-config rPx, @{bin}/chmod rix, @{bin}/dirname rix, diff --git a/apparmor.d/groups/ubuntu/update-notifier b/apparmor.d/groups/ubuntu/update-notifier index cd1a732e..8ebf8f97 100644 --- a/apparmor.d/groups/ubuntu/update-notifier +++ b/apparmor.d/groups/ubuntu/update-notifier 
@@ -35,7 +35,7 @@ profile update-notifier @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ionice rix, @{bin}/ischroot rix, @{bin}/nice rix, diff --git a/apparmor.d/groups/virt/cockpit-certificate-helper b/apparmor.d/groups/virt/cockpit-certificate-helper index f7e81525..e4b79abc 100644 --- a/apparmor.d/groups/virt/cockpit-certificate-helper +++ b/apparmor.d/groups/virt/cockpit-certificate-helper @@ -13,7 +13,7 @@ profile cockpit-certificate-helper @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/chmod rix, @{bin}/id rix, @{bin}/mkdir rix, diff --git a/apparmor.d/groups/virt/libvirtd b/apparmor.d/groups/virt/libvirtd index 51623848..22f3ca68 100644 --- a/apparmor.d/groups/virt/libvirtd +++ b/apparmor.d/groups/virt/libvirtd @@ -115,7 +115,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) { @{bin}/virtiofsd rux, # TODO: WIP @{bin}/virtlogd rPx, - @{bin}/{,ba,da}sh rix, + @{shells_path} rix, @{bin}/ip rix, @{bin}/qemu-img rUx, # TODO: Integration with virt-aa-helper @{bin}/qemu-system* rUx, # TODO: Integration with virt-aa-helper diff --git a/apparmor.d/groups/whonix/msgdispatcher b/apparmor.d/groups/whonix/msgdispatcher index b781898e..190bf248 100644 --- a/apparmor.d/groups/whonix/msgdispatcher +++ b/apparmor.d/groups/whonix/msgdispatcher @@ -14,7 +14,7 @@ profile msgdispatcher @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/flock rix, @{bin}/inotifywait rix, diff --git a/apparmor.d/groups/whonix/sensible-browser b/apparmor.d/groups/whonix/sensible-browser index 216c9a97..fe0ad095 100644 --- a/apparmor.d/groups/whonix/sensible-browser +++ b/apparmor.d/groups/whonix/sensible-browser @@ -13,7 +13,7 @@ profile sensible-browser @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/whichbrowser rix, @{bin}/x-www-browser rix, 
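Review bot: In the libvirtd hunk the old `@{bin}/{,ba,da}sh rix,` becomes `@{shells_path} rix,`, whereas every other hunk in this commit uses `@{sh_path}`. The variable's definition is not visible here, but if it expands to more shells than the sh/bash/dash set the old glob matched, libvirtd gains inherited-profile exec on additional interpreters under a profile that already carries `rux`/`rUx` transitions. If the wider set is intended, say so in a comment on the rule; otherwise use `@{sh_path} rix,` like the rest of the change. The libvirtd profile continues outside the hunk.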
diff --git a/apparmor.d/groups/whonix/torbrowser-wrapper b/apparmor.d/groups/whonix/torbrowser-wrapper index 7442d10b..4ecdb871 100644 --- a/apparmor.d/groups/whonix/torbrowser-wrapper +++ b/apparmor.d/groups/whonix/torbrowser-wrapper @@ -16,7 +16,7 @@ profile torbrowser-wrapper @{exec_path} { @{exec_path} rm, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/dirname rix, @{bin}/grep rix, diff --git a/apparmor.d/groups/whonix/whonix-firewall-edit b/apparmor.d/groups/whonix/whonix-firewall-edit index 06eab666..818f388f 100644 --- a/apparmor.d/groups/whonix/whonix-firewall-edit +++ b/apparmor.d/groups/whonix/whonix-firewall-edit @@ -13,7 +13,7 @@ profile whonix-firewall-edit @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gsudoedit rix, /etc/whonix_firewall.d/*.conf rw, diff --git a/apparmor.d/groups/whonix/whonix-firewall-restarter b/apparmor.d/groups/whonix/whonix-firewall-restarter index 5d3cf768..52281ed4 100644 --- a/apparmor.d/groups/whonix/whonix-firewall-restarter +++ b/apparmor.d/groups/whonix/whonix-firewall-restarter @@ -20,7 +20,7 @@ profile whonix-firewall-restarter @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/chown rix, @{bin}/inotifywait rix, @{bin}/mkdir rix, diff --git a/apparmor.d/groups/whonix/whonix-firewalld b/apparmor.d/groups/whonix/whonix-firewalld index 10f07c66..55183a7a 100644 --- a/apparmor.d/groups/whonix/whonix-firewalld +++ b/apparmor.d/groups/whonix/whonix-firewalld @@ -22,7 +22,7 @@ profile whonix-firewall @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/date rix, @{bin}/id rix, @{bin}/mkdir rix, diff --git a/apparmor.d/profiles-a-f/aa-teardown b/apparmor.d/profiles-a-f/aa-teardown index 1a597f90..c4250164 100644 --- a/apparmor.d/profiles-a-f/aa-teardown +++ b/apparmor.d/profiles-a-f/aa-teardown 
@@ -15,7 +15,7 @@ profile aa-teardown @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/apparmor/apparmor.systemd rPx, /usr/share/terminfo/** r, diff --git a/apparmor.d/profiles-a-f/adduser b/apparmor.d/profiles-a-f/adduser index 175ca971..1ef1fe4f 100644 --- a/apparmor.d/profiles-a-f/adduser +++ b/apparmor.d/profiles-a-f/adduser @@ -25,7 +25,7 @@ profile adduser @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/find rix, @{bin}/logger rix, @{bin}/rm rix, diff --git a/apparmor.d/profiles-a-f/adequate b/apparmor.d/profiles-a-f/adequate index 3f735f41..cbcb2557 100644 --- a/apparmor.d/profiles-a-f/adequate +++ b/apparmor.d/profiles-a-f/adequate @@ -77,7 +77,7 @@ profile adequate @{exec_path} flags=(complain) { @{bin}/adequate rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/locale rix, diff --git a/apparmor.d/profiles-a-f/anacron b/apparmor.d/profiles-a-f/anacron index 8800fb80..6b460b59 100644 --- a/apparmor.d/profiles-a-f/anacron +++ b/apparmor.d/profiles-a-f/anacron @@ -13,7 +13,7 @@ profile anacron @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/run-parts rCx -> run-parts, / r, diff --git a/apparmor.d/profiles-a-f/anyremote b/apparmor.d/profiles-a-f/anyremote index b5375bb2..ab167755 100644 --- a/apparmor.d/profiles-a-f/anyremote +++ b/apparmor.d/profiles-a-f/anyremote @@ -21,7 +21,7 @@ profile anyremote @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/rm rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/profiles-a-f/apparmor.systemd b/apparmor.d/profiles-a-f/apparmor.systemd index d0130d0c..e993b3f8 100644 --- a/apparmor.d/profiles-a-f/apparmor.systemd +++ b/apparmor.d/profiles-a-f/apparmor.systemd 
@@ -17,7 +17,7 @@ profile apparmor.systemd @{exec_path} flags=(complain) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/aa-status rPx, @{bin}/apparmor_parser rPx, diff --git a/apparmor.d/profiles-a-f/arduino b/apparmor.d/profiles-a-f/arduino index f9450697..9317d403 100644 --- a/apparmor.d/profiles-a-f/arduino +++ b/apparmor.d/profiles-a-f/arduino @@ -30,7 +30,7 @@ profile arduino @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/id rix, @{bin}/{,e}grep rix, @{bin}/groups rix, @@ -116,7 +116,7 @@ profile arduino @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-a-f/aspell-autobuildhash b/apparmor.d/profiles-a-f/aspell-autobuildhash index c9dc61dd..f7bf193a 100644 --- a/apparmor.d/profiles-a-f/aspell-autobuildhash +++ b/apparmor.d/profiles-a-f/aspell-autobuildhash @@ -16,7 +16,7 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/gzip rix, @{bin}/precat rix, @@ -51,7 +51,7 @@ profile aspell-autobuildhash @{exec_path} flags=(complain) { @{bin}/aspell-autobuildhash rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/locale rix, diff --git a/apparmor.d/profiles-a-f/atd b/apparmor.d/profiles-a-f/atd index 4d2e18ca..e93a45c0 100644 --- a/apparmor.d/profiles-a-f/atd +++ b/apparmor.d/profiles-a-f/atd @@ -26,7 +26,7 @@ profile atd @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/sendmail rPUx, @{etc_ro}/environment r, diff --git a/apparmor.d/profiles-a-f/atril b/apparmor.d/profiles-a-f/atril index a04f294e..1ec58a57 100644 --- a/apparmor.d/profiles-a-f/atril +++ b/apparmor.d/profiles-a-f/atril 
@@ -36,7 +36,7 @@ profile atril @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/atril-previewer rPx, diff --git a/apparmor.d/profiles-a-f/augenrules b/apparmor.d/profiles-a-f/augenrules index dcb3a7d0..3c20ab27 100644 --- a/apparmor.d/profiles-a-f/augenrules +++ b/apparmor.d/profiles-a-f/augenrules @@ -13,7 +13,7 @@ profile augenrules @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e,f}grep rix, @{bin}/{,g,m}awk rix, @{bin}/auditctl rPx, diff --git a/apparmor.d/profiles-a-f/birdtray b/apparmor.d/profiles-a-f/birdtray index 923b5928..96b786a6 100644 --- a/apparmor.d/profiles-a-f/birdtray +++ b/apparmor.d/profiles-a-f/birdtray @@ -79,7 +79,7 @@ profile birdtray @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-a-f/cawbird b/apparmor.d/profiles-a-f/cawbird index dc0b6653..41c218aa 100644 --- a/apparmor.d/profiles-a-f/cawbird +++ b/apparmor.d/profiles-a-f/cawbird @@ -29,7 +29,7 @@ profile cawbird @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/xdg-open rCx -> open, @{bin}/exo-open rCx -> open, @@ -54,7 +54,7 @@ profile cawbird @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-a-f/check-bios-nx b/apparmor.d/profiles-a-f/check-bios-nx index 39950759..a2021522 100644 --- a/apparmor.d/profiles-a-f/check-bios-nx +++ b/apparmor.d/profiles-a-f/check-bios-nx @@ -17,7 +17,7 @@ profile check-bios-nx @{exec_path} { capability dac_override, @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/uname rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/profiles-a-f/check-support-status b/apparmor.d/profiles-a-f/check-support-status index 844f278f..89a2ca71 100644 
--- a/apparmor.d/profiles-a-f/check-support-status +++ b/apparmor.d/profiles-a-f/check-support-status @@ -13,7 +13,7 @@ profile check-support-status @{exec_path} { include @{exec_path} rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ r, @{bin}/gettext.sh r, diff --git a/apparmor.d/profiles-a-f/check-support-status-hook b/apparmor.d/profiles-a-f/check-support-status-hook index 8250a950..d2fb1f4c 100644 --- a/apparmor.d/profiles-a-f/check-support-status-hook +++ b/apparmor.d/profiles-a-f/check-support-status-hook @@ -14,7 +14,7 @@ profile check-support-status-hook @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ r, @{bin}/getent rix, @@ -72,7 +72,7 @@ profile check-support-status-hook @{exec_path} { /usr/share/debian-security-support/ r, /usr/share/debian-security-support/check-support-status.hook rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/locale rix, @@ -113,7 +113,7 @@ profile check-support-status-hook @{exec_path} { @{bin}/runuser mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/check-support-status rPx, diff --git a/apparmor.d/profiles-a-f/claws-mail b/apparmor.d/profiles-a-f/claws-mail index ea309f1f..91d1a68c 100644 --- a/apparmor.d/profiles-a-f/claws-mail +++ b/apparmor.d/profiles-a-f/claws-mail @@ -23,7 +23,7 @@ profile claws-mail @{exec_path} flags=(complain) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, @{bin}/gpg{,2} rCx -> gpg, diff --git a/apparmor.d/profiles-a-f/code-extension-git-askpass b/apparmor.d/profiles-a-f/code-extension-git-askpass index d4136282..a55b03a5 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-askpass +++ b/apparmor.d/profiles-a-f/code-extension-git-askpass @@ -15,7 +15,7 @@ profile code-extension-git-askpass @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/mktemp rix, @{bin}/rm rix, 
diff --git a/apparmor.d/profiles-a-f/code-extension-git-editor b/apparmor.d/profiles-a-f/code-extension-git-editor index deb00c9c..1708393d 100644 --- a/apparmor.d/profiles-a-f/code-extension-git-editor +++ b/apparmor.d/profiles-a-f/code-extension-git-editor @@ -12,7 +12,7 @@ profile code-extension-git-editor @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/electron@{int}/electron rix, @{sys}/devices/system/cpu/cpufreq/policy@{int}/cpuinfo_max_freq r, diff --git a/apparmor.d/profiles-a-f/code-wrapper b/apparmor.d/profiles-a-f/code-wrapper index 62c37e93..e867892a 100644 --- a/apparmor.d/profiles-a-f/code-wrapper +++ b/apparmor.d/profiles-a-f/code-wrapper @@ -13,7 +13,7 @@ profile code-wrapper @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/electron@{int}/electron rPx -> code, owner @{user_config_dirs}/code-flags.conf r, diff --git a/apparmor.d/profiles-a-f/conky b/apparmor.d/profiles-a-f/conky index 06c4439a..83821994 100644 --- a/apparmor.d/profiles-a-f/conky +++ b/apparmor.d/profiles-a-f/conky @@ -33,7 +33,7 @@ profile conky @{exec_path} { @{exec_path} mr, # Needed tools to render conky output - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cp rix, @{bin}/rm rix, @{bin}/sed rix, @@ -169,7 +169,7 @@ profile conky @{exec_path} { @{bin}/lynx mr, @{bin}/w3m mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /etc/mime.types r, /etc/mailcap r, diff --git a/apparmor.d/profiles-a-f/convertall b/apparmor.d/profiles-a-f/convertall index 6c92f3d5..6b3fc4aa 100644 --- a/apparmor.d/profiles-a-f/convertall +++ b/apparmor.d/profiles-a-f/convertall @@ -22,7 +22,7 @@ profile convertall @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/python3.@{int} rix, diff --git a/apparmor.d/profiles-a-f/cups-backend-pdf b/apparmor.d/profiles-a-f/cups-backend-pdf index 0f775e18..650b5f87 100644 --- a/apparmor.d/profiles-a-f/cups-backend-pdf +++ b/apparmor.d/profiles-a-f/cups-backend-pdf 
@@ -22,7 +22,7 @@ profile cups-backend-pdf @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cp rix, @{bin}/gs rix, @{bin}/gsc rix, diff --git a/apparmor.d/profiles-a-f/cupsd b/apparmor.d/profiles-a-f/cupsd index 325c52c8..faf803ee 100644 --- a/apparmor.d/profiles-a-f/cupsd +++ b/apparmor.d/profiles-a-f/cupsd @@ -45,7 +45,7 @@ profile cupsd @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/chmod rix, @{bin}/cp rix, diff --git a/apparmor.d/profiles-a-f/czkawka-gui b/apparmor.d/profiles-a-f/czkawka-gui index 970dacdd..fb4fb601 100644 --- a/apparmor.d/profiles-a-f/czkawka-gui +++ b/apparmor.d/profiles-a-f/czkawka-gui @@ -44,7 +44,7 @@ profile czkawka-gui @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-a-f/ddclient b/apparmor.d/profiles-a-f/ddclient index dbf1db3a..29a4ebbf 100644 --- a/apparmor.d/profiles-a-f/ddclient +++ b/apparmor.d/profiles-a-f/ddclient @@ -18,7 +18,7 @@ profile ddclient @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/logger rix, /etc/ddclient.conf r, diff --git a/apparmor.d/profiles-a-f/deltachat-desktop b/apparmor.d/profiles-a-f/deltachat-desktop index f79dc5e3..4fda1bb9 100644 --- a/apparmor.d/profiles-a-f/deltachat-desktop +++ b/apparmor.d/profiles-a-f/deltachat-desktop @@ -88,7 +88,7 @@ profile deltachat-desktop @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-a-f/deluser b/apparmor.d/profiles-a-f/deluser index 991fef6b..322df24e 100644 --- a/apparmor.d/profiles-a-f/deluser +++ b/apparmor.d/profiles-a-f/deluser 
@@ -23,7 +23,7 @@ profile deluser @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/userdel rPx, @{bin}/groupdel rPx, diff --git a/apparmor.d/profiles-a-f/dhclient-script b/apparmor.d/profiles-a-f/dhclient-script index 7fdb759e..d1a86cfa 100644 --- a/apparmor.d/profiles-a-f/dhclient-script +++ b/apparmor.d/profiles-a-f/dhclient-script @@ -20,7 +20,7 @@ profile dhclient-script @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh mrix, + @{sh_path} mrix, @{bin}/chmod rix, @{bin}/chown rix, @{bin}/chronyc rPUx, diff --git a/apparmor.d/profiles-a-f/dkms b/apparmor.d/profiles-a-f/dkms index adfda728..b894161f 100644 --- a/apparmor.d/profiles-a-f/dkms +++ b/apparmor.d/profiles-a-f/dkms @@ -51,7 +51,7 @@ profile dkms @{exec_path} flags=(attach_disconnected) { @{bin}/wc rix, @{bin}/xargs rix, @{bin}/{,@{multiarch}-}* rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e,f}grep rix, @{bin}/{,g,m}awk rix, @{bin}/update-secureboot-policy rPUx, diff --git a/apparmor.d/profiles-a-f/dkms-autoinstaller b/apparmor.d/profiles-a-f/dkms-autoinstaller index ef899622..a7453022 100644 --- a/apparmor.d/profiles-a-f/dkms-autoinstaller +++ b/apparmor.d/profiles-a-f/dkms-autoinstaller @@ -14,7 +14,7 @@ profile dkms-autoinstaller @{exec_path} { @{exec_path} rm, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dkms rPx, @{bin}/echo rix, @{bin}/plymouth rix, diff --git a/apparmor.d/profiles-a-f/dlocate b/apparmor.d/profiles-a-f/dlocate index 2cf4e5ae..5fc06387 100644 --- a/apparmor.d/profiles-a-f/dlocate +++ b/apparmor.d/profiles-a-f/dlocate @@ -14,7 +14,7 @@ profile dlocate @{exec_path} { include @{exec_path} rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/getopt rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/profiles-a-f/dmesg b/apparmor.d/profiles-a-f/dmesg index ba8bd107..84c7989d 100644 --- a/apparmor.d/profiles-a-f/dmesg +++ b/apparmor.d/profiles-a-f/dmesg 
@@ -17,7 +17,7 @@ profile dmesg @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/less rPx -> child-pager, /dev/kmsg r, diff --git a/apparmor.d/profiles-a-f/e2fsck b/apparmor.d/profiles-a-f/e2fsck index eac4ac5f..4bcac87f 100644 --- a/apparmor.d/profiles-a-f/e2fsck +++ b/apparmor.d/profiles-a-f/e2fsck @@ -19,7 +19,7 @@ profile e2fsck @{exec_path} { @{exec_path} mr, # To check for badblocks - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/badblocks rPx, /usr/share/file/misc/magic.mgc r, diff --git a/apparmor.d/profiles-a-f/e2scrub_all b/apparmor.d/profiles-a-f/e2scrub_all index bb2babd8..be21cded 100644 --- a/apparmor.d/profiles-a-f/e2scrub_all +++ b/apparmor.d/profiles-a-f/e2scrub_all @@ -17,7 +17,7 @@ profile e2scrub_all @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh r, + @{sh_path} r, @{bin}/readlink rix, /etc/e2scrub.conf r, diff --git a/apparmor.d/profiles-a-f/eject b/apparmor.d/profiles-a-f/eject index df4872df..83942708 100644 --- a/apparmor.d/profiles-a-f/eject +++ b/apparmor.d/profiles-a-f/eject @@ -17,7 +17,7 @@ profile eject @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/eject/dmcrypt-get-device rPx, diff --git a/apparmor.d/profiles-a-f/element b/apparmor.d/profiles-a-f/element index 984686bd..6438824b 100644 --- a/apparmor.d/profiles-a-f/element +++ b/apparmor.d/profiles-a-f/element @@ -28,7 +28,7 @@ profile element @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh r, + @{sh_path} r, @{bin}/electron@{int} rix, @{lib}/electron@{int}/{,**} r, @{lib}/electron@{int}/electron rix, diff --git a/apparmor.d/profiles-a-f/engrampa b/apparmor.d/profiles-a-f/engrampa index d1706961..a7705710 100644 --- a/apparmor.d/profiles-a-f/engrampa +++ b/apparmor.d/profiles-a-f/engrampa @@ -43,7 +43,7 @@ profile engrampa @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ls rix, @{bin}/rm rix, @{bin}/mv rix, 
diff --git a/apparmor.d/profiles-a-f/etckeeper b/apparmor.d/profiles-a-f/etckeeper index c04a2cff..e4b25735 100644 --- a/apparmor.d/profiles-a-f/etckeeper +++ b/apparmor.d/profiles-a-f/etckeeper @@ -17,7 +17,7 @@ profile etckeeper @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/cat rix, @{bin}/chmod rix, diff --git a/apparmor.d/profiles-a-f/evince b/apparmor.d/profiles-a-f/evince index 72c9b2e7..d6b73659 100644 --- a/apparmor.d/profiles-a-f/evince +++ b/apparmor.d/profiles-a-f/evince @@ -35,7 +35,7 @@ profile evince @{exec_path} { @{exec_path} rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gio-launch-desktop rPx, @{open_path} rPx -> child-open, diff --git a/apparmor.d/profiles-a-f/execute-dput b/apparmor.d/profiles-a-f/execute-dput index d25cef4f..9700aae9 100644 --- a/apparmor.d/profiles-a-f/execute-dput +++ b/apparmor.d/profiles-a-f/execute-dput @@ -17,7 +17,7 @@ profile execute-dput @{exec_path} flags=(complain) { @{bin}/python3.@{int} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dpkg rPx -> child-dpkg, @{bin}/gpg{,2} rCx -> gpg, @{bin}/gpgconf rCx -> gpg, diff --git a/apparmor.d/profiles-a-f/f3fix b/apparmor.d/profiles-a-f/f3fix index 94ef0a93..f31f6cfe 100644 --- a/apparmor.d/profiles-a-f/f3fix +++ b/apparmor.d/profiles-a-f/f3fix @@ -26,7 +26,7 @@ profile f3fix @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dmidecode rPx, diff --git a/apparmor.d/profiles-a-f/fail2ban-server b/apparmor.d/profiles-a-f/fail2ban-server index 5b3c5514..6b809406 100644 --- a/apparmor.d/profiles-a-f/fail2ban-server +++ b/apparmor.d/profiles-a-f/fail2ban-server @@ -20,7 +20,7 @@ profile fail2ban-server @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/xtables-nft-multi rix, @{bin}/iptables rix, diff --git a/apparmor.d/profiles-a-f/fatresize b/apparmor.d/profiles-a-f/fatresize index 32ff6c07..08d5124a 100644 
--- a/apparmor.d/profiles-a-f/fatresize +++ b/apparmor.d/profiles-a-f/fatresize @@ -24,7 +24,7 @@ profile fatresize @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dmidecode rPx, diff --git a/apparmor.d/profiles-a-f/firecfg b/apparmor.d/profiles-a-f/firecfg index 9b00a9ed..10223005 100644 --- a/apparmor.d/profiles-a-f/firecfg +++ b/apparmor.d/profiles-a-f/firecfg @@ -18,7 +18,7 @@ profile firecfg @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/apparmor_parser rPx, /etc/login.defs r, diff --git a/apparmor.d/profiles-a-f/frontend b/apparmor.d/profiles-a-f/frontend index 9eff3c01..b533bbb5 100644 --- a/apparmor.d/profiles-a-f/frontend +++ b/apparmor.d/profiles-a-f/frontend @@ -23,7 +23,7 @@ profile frontend @{exec_path} flags=(complain) { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/hostname rix, @{bin}/locale rix, @{bin}/lsb_release rPx -> lsb_release, diff --git a/apparmor.d/profiles-a-f/fsck-btrfs b/apparmor.d/profiles-a-f/fsck-btrfs index f454d607..a9ce576a 100644 --- a/apparmor.d/profiles-a-f/fsck-btrfs +++ b/apparmor.d/profiles-a-f/fsck-btrfs @@ -13,7 +13,7 @@ profile fsck-btrfs @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /etc/fstab r, diff --git a/apparmor.d/profiles-a-f/fsck-ext4 b/apparmor.d/profiles-a-f/fsck-ext4 index 02d80b35..ccc608f7 100644 --- a/apparmor.d/profiles-a-f/fsck-ext4 +++ b/apparmor.d/profiles-a-f/fsck-ext4 @@ -12,7 +12,7 @@ profile fsck-ext4 @{exec_path} { @{exec_path} rm, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /etc/fstab r, diff --git a/apparmor.d/profiles-g-l/gajim b/apparmor.d/profiles-g-l/gajim index a4adb6c7..f8f3d1ea 100644 --- a/apparmor.d/profiles-g-l/gajim +++ b/apparmor.d/profiles-g-l/gajim @@ -37,7 +37,7 @@ profile gajim @{exec_path} { @{exec_path} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ldconfig rix, @{bin}/uname rix, 
diff --git a/apparmor.d/profiles-g-l/ganyremote b/apparmor.d/profiles-g-l/ganyremote index 7dee9d05..5f1a56a0 100644 --- a/apparmor.d/profiles-g-l/ganyremote +++ b/apparmor.d/profiles-g-l/ganyremote @@ -27,7 +27,7 @@ profile ganyremote @{exec_path} { @{bin}/python3.@{int} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/rm rix, @{bin}/{,e}grep rix, @{bin}/cut rix, diff --git a/apparmor.d/profiles-g-l/git b/apparmor.d/profiles-g-l/git index bab8704d..400e554a 100644 --- a/apparmor.d/profiles-g-l/git +++ b/apparmor.d/profiles-g-l/git @@ -42,7 +42,7 @@ profile git @{exec_path} { deny owner @{user_bin_dirs}/ r, # These are needed for "git submodule update" - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/basename rix, @{bin}/cat rix, @@ -172,7 +172,7 @@ profile git @{exec_path} { @{bin}/sensible-editor mr, @{bin}/vim mrix, @{bin}/vim.* mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, /usr/share/vim/{,**} r, diff --git a/apparmor.d/profiles-g-l/gparted b/apparmor.d/profiles-g-l/gparted index 45af2efa..0b82909a 100644 --- a/apparmor.d/profiles-g-l/gparted +++ b/apparmor.d/profiles-g-l/gparted @@ -16,7 +16,7 @@ profile gparted @{exec_path} { @{exec_path} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/cut rix, diff --git a/apparmor.d/profiles-g-l/gpartedbin b/apparmor.d/profiles-g-l/gpartedbin index af15c091..9048c467 100644 --- a/apparmor.d/profiles-g-l/gpartedbin +++ b/apparmor.d/profiles-g-l/gpartedbin @@ -30,7 +30,7 @@ profile gpartedbin @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/blkid rPx, @{bin}/dmidecode rPx, diff --git a/apparmor.d/profiles-g-l/gpo b/apparmor.d/profiles-g-l/gpo index e24d95d4..819eccd3 100644 --- a/apparmor.d/profiles-g-l/gpo +++ b/apparmor.d/profiles-g-l/gpo 
@@ -26,7 +26,7 @@ profile gpo @{exec_path} { @{bin}/python3.@{int} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/uname rix, @{bin}/pager rPx -> child-pager, @{bin}/less rPx -> child-pager, diff --git a/apparmor.d/profiles-g-l/gpodder b/apparmor.d/profiles-g-l/gpodder index 661422fe..dd5a648b 100644 --- a/apparmor.d/profiles-g-l/gpodder +++ b/apparmor.d/profiles-g-l/gpodder @@ -30,7 +30,7 @@ profile gpodder @{exec_path} { @{bin}/python3.@{int} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/uname rix, owner @{HOME}/ r, @@ -75,7 +75,7 @@ profile gpodder @{exec_path} { @{bin}/xdg-open mr, @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-g-l/gpodder-migrate2tres b/apparmor.d/profiles-g-l/gpodder-migrate2tres index e3fe9ea9..0c048b19 100644 --- a/apparmor.d/profiles-g-l/gpodder-migrate2tres +++ b/apparmor.d/profiles-g-l/gpodder-migrate2tres @@ -16,7 +16,7 @@ profile gpodder-migrate2tres @{exec_path} { @{bin}/python3.@{int} r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/uname rix, owner @{PROC}/@{pid}/fd/ r, diff --git a/apparmor.d/profiles-g-l/gsmartcontrol-root b/apparmor.d/profiles-g-l/gsmartcontrol-root index ad9cb5a7..f5a817f6 100644 --- a/apparmor.d/profiles-g-l/gsmartcontrol-root +++ b/apparmor.d/profiles-g-l/gsmartcontrol-root @@ -13,7 +13,7 @@ profile gsmartcontrol-root @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, diff --git a/apparmor.d/profiles-g-l/gtk-youtube-viewer b/apparmor.d/profiles-g-l/gtk-youtube-viewer index d8f5cba3..3219a327 100644 --- a/apparmor.d/profiles-g-l/gtk-youtube-viewer +++ b/apparmor.d/profiles-g-l/gtk-youtube-viewer 
@@ -28,7 +28,7 @@ profile gtk-youtube-viewer @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/xterm rCx -> xterm, @{bin}/rxvt rCx -> xterm, @@ -71,7 +71,7 @@ profile gtk-youtube-viewer @{exec_path} { @{bin}/urxvt mr, @{bin}/zsh rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/youtube-viewer rPx, @@ -101,7 +101,7 @@ profile gtk-youtube-viewer @{exec_path} { @{bin}/xdg-open mr, @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-g-l/hardinfo b/apparmor.d/profiles-g-l/hardinfo index f6743a35..a008ab91 100644 --- a/apparmor.d/profiles-g-l/hardinfo +++ b/apparmor.d/profiles-g-l/hardinfo @@ -32,7 +32,7 @@ profile hardinfo @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gdb rix, @{bin}/iconv rix, @{bin}/last rix, @@ -166,7 +166,7 @@ profile hardinfo @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-g-l/hw-probe b/apparmor.d/profiles-g-l/hw-probe index 3b0f449e..e6e7d744 100644 --- a/apparmor.d/profiles-g-l/hw-probe +++ b/apparmor.d/profiles-g-l/hw-probe @@ -22,7 +22,7 @@ profile hw-probe @{exec_path} { @{bin}/pwd rix, @{bin}/{,e}grep rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/sleep rix, @{bin}/md5sum rix, diff --git a/apparmor.d/profiles-g-l/hwinfo b/apparmor.d/profiles-g-l/hwinfo index 259423a7..64a91e05 100644 --- a/apparmor.d/profiles-g-l/hwinfo +++ b/apparmor.d/profiles-g-l/hwinfo @@ -32,7 +32,7 @@ profile hwinfo @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/kmod rCx -> kmod, @{bin}/udevadm rCx -> udevadm, diff --git a/apparmor.d/profiles-g-l/hypnotix b/apparmor.d/profiles-g-l/hypnotix index a73ff4da..6dcf433f 100644 
--- a/apparmor.d/profiles-g-l/hypnotix +++ b/apparmor.d/profiles-g-l/hypnotix @@ -38,7 +38,7 @@ profile hypnotix @{exec_path} { @{exec_path} rix, @{bin}/python3.@{int} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ldconfig rix, @{bin}/mkdir rix, @@ -77,7 +77,7 @@ profile hypnotix @{exec_path} { @{bin}/xdg-screensaver mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mv rix, @{bin}/{,e}grep rix, @{bin}/sed rix, diff --git a/apparmor.d/profiles-g-l/i3lock-fancy b/apparmor.d/profiles-g-l/i3lock-fancy index 5eec9f61..687412ec 100644 --- a/apparmor.d/profiles-g-l/i3lock-fancy +++ b/apparmor.d/profiles-g-l/i3lock-fancy @@ -15,7 +15,7 @@ profile i3lock-fancy @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/rm rix, @{bin}/fc-match rix, diff --git a/apparmor.d/profiles-g-l/ifup b/apparmor.d/profiles-g-l/ifup index df36605e..6ee7d10d 100644 --- a/apparmor.d/profiles-g-l/ifup +++ b/apparmor.d/profiles-g-l/ifup @@ -18,7 +18,7 @@ profile ifup @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ip rix, @{bin}/route rix, @{bin}/seq rix, diff --git a/apparmor.d/profiles-g-l/im-launch b/apparmor.d/profiles-g-l/im-launch index 29e7068a..8d28ab4b 100644 --- a/apparmor.d/profiles-g-l/im-launch +++ b/apparmor.d/profiles-g-l/im-launch @@ -12,7 +12,7 @@ profile im-launch @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dpkg-query rpx, @{bin}/env rix, @{bin}/gettext{,.sh} rix, diff --git a/apparmor.d/profiles-g-l/initd-kexec b/apparmor.d/profiles-g-l/initd-kexec index 42b49130..b295d5e4 100644 --- a/apparmor.d/profiles-g-l/initd-kexec +++ b/apparmor.d/profiles-g-l/initd-kexec @@ -12,7 +12,7 @@ profile initd-kexec @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/readlink rix, diff --git a/apparmor.d/profiles-g-l/initd-kexec-load b/apparmor.d/profiles-g-l/initd-kexec-load index 2c97d114..ab1d5453 100644 
--- a/apparmor.d/profiles-g-l/initd-kexec-load +++ b/apparmor.d/profiles-g-l/initd-kexec-load @@ -12,7 +12,7 @@ profile initd-kexec-load @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-g-l/initd-kmod b/apparmor.d/profiles-g-l/initd-kmod index 1fe6acd3..53c39142 100644 --- a/apparmor.d/profiles-g-l/initd-kmod +++ b/apparmor.d/profiles-g-l/initd-kmod @@ -12,7 +12,7 @@ profile initd-kmod @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/readlink rix, @{bin}/tput rix, diff --git a/apparmor.d/profiles-g-l/install-info b/apparmor.d/profiles-g-l/install-info index 41ba10bc..4060e715 100644 --- a/apparmor.d/profiles-g-l/install-info +++ b/apparmor.d/profiles-g-l/install-info @@ -15,7 +15,7 @@ profile install-info @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/gzip rix, /usr/share/info/{,**} r, diff --git a/apparmor.d/profiles-g-l/install-printerdriver b/apparmor.d/profiles-g-l/install-printerdriver index 778b36f7..e8d110a9 100644 --- a/apparmor.d/profiles-g-l/install-printerdriver +++ b/apparmor.d/profiles-g-l/install-printerdriver @@ -15,7 +15,7 @@ profile install-printerdriver @{exec_path} flags=(complain) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/python3.@{int} r, /usr/share/system-config-printer/{,**} r, diff --git a/apparmor.d/profiles-g-l/inxi b/apparmor.d/profiles-g-l/inxi index a8f19a86..e67c03b0 100644 --- a/apparmor.d/profiles-g-l/inxi +++ b/apparmor.d/profiles-g-l/inxi @@ -24,7 +24,7 @@ profile inxi @{exec_path} { @{bin}/perl r, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/zsh rix, @{bin}/tty rix, @{bin}/tput rix, diff --git a/apparmor.d/profiles-g-l/ip b/apparmor.d/profiles-g-l/ip index 7aa742be..fa1b6221 100644 --- a/apparmor.d/profiles-g-l/ip +++ b/apparmor.d/profiles-g-l/ip 
@@ -29,6 +29,7 @@ profile ip @{exec_path} flags=(attach_disconnected) { umount /sys/, @{exec_path} mrix, + @{shells_path} rix, / r, diff --git a/apparmor.d/profiles-g-l/jdownloader b/apparmor.d/profiles-g-l/jdownloader index a7c4e9cc..8b5aead2 100644 --- a/apparmor.d/profiles-g-l/jdownloader +++ b/apparmor.d/profiles-g-l/jdownloader @@ -105,7 +105,7 @@ profile jdownloader @{exec_path} { @{bin}/xdg-open mr, @{lib}/@{multiarch}/glib-[0-9]*/gio-launch-desktop mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-g-l/jgmenu b/apparmor.d/profiles-g-l/jgmenu index ac2a4a23..a9eda288 100644 --- a/apparmor.d/profiles-g-l/jgmenu +++ b/apparmor.d/profiles-g-l/jgmenu @@ -20,7 +20,7 @@ profile jgmenu @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/zsh rix, @{bin}/mkdir rix, @{bin}/find rix, diff --git a/apparmor.d/profiles-g-l/kanyremote b/apparmor.d/profiles-g-l/kanyremote index 1a8fa37f..73a73d63 100644 --- a/apparmor.d/profiles-g-l/kanyremote +++ b/apparmor.d/profiles-g-l/kanyremote @@ -28,7 +28,7 @@ profile kanyremote @{exec_path} { network inet6 stream, @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ r, @{bin}/rm rix, diff --git a/apparmor.d/profiles-g-l/kernel-install b/apparmor.d/profiles-g-l/kernel-install index 9b3fb084..ca70784b 100644 --- a/apparmor.d/profiles-g-l/kernel-install +++ b/apparmor.d/profiles-g-l/kernel-install @@ -14,7 +14,7 @@ profile kernel-install @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mountpoint rix, @{bin}/sort rix, diff --git a/apparmor.d/profiles-g-l/kmod b/apparmor.d/profiles-g-l/kmod index 74ea5b33..6bf64ed7 100644 --- a/apparmor.d/profiles-g-l/kmod +++ b/apparmor.d/profiles-g-l/kmod 
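Review bot: The added `@{shells_path} rix,` in the ip hunk is a new permission rather than a rename: the hunk removes no shell rule, and it uses `@{shells_path}` where the other profiles in this patch get `@{sh_path}`. With `ix`, a shell started by ip keeps running under the ip profile, which the `umount /sys/` context line shows to hold mount-related rules, so the shell and its children inherit them. If the rule is meant for `ip netns exec`, say so in a comment such as `# Shells started through "ip netns exec"`. Also consider whether the narrower `@{sh_path}` or a dedicated child profile (for example `rCx -> shell`, name illustrative) would be enough. The profile body continues outside the hunk, so a shell rule elsewhere in it cannot be ruled out.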
@@ -25,7 +25,7 @@ profile kmod @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/false rix, @{bin}/id rix, diff --git a/apparmor.d/profiles-g-l/kodi b/apparmor.d/profiles-g-l/kodi index 9569af82..8dae5000 100644 --- a/apparmor.d/profiles-g-l/kodi +++ b/apparmor.d/profiles-g-l/kodi @@ -24,7 +24,7 @@ profile kodi @{exec_path} { @{lib}/@{multiarch}/kodi/kodi.bin mrix, @{lib}/@{multiarch}/kodi/kodi-xrandr rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/cat rix, @{bin}/cut rix, diff --git a/apparmor.d/profiles-g-l/kvm-ok b/apparmor.d/profiles-g-l/kvm-ok index 7b2a039a..85849c42 100644 --- a/apparmor.d/profiles-g-l/kvm-ok +++ b/apparmor.d/profiles-g-l/kvm-ok @@ -12,7 +12,7 @@ profile kvm-ok @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/uname rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper index 74473747..242ebb59 100644 --- a/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper +++ b/apparmor.d/profiles-g-l/landscape-sysinfo.wrapper @@ -12,7 +12,7 @@ profile landscape-sysinfo.wrapper @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/bc rix, @{bin}/cat rix, @{bin}/cut rix, diff --git a/apparmor.d/profiles-g-l/language-validate b/apparmor.d/profiles-g-l/language-validate index 07aabfff..782b413e 100644 --- a/apparmor.d/profiles-g-l/language-validate +++ b/apparmor.d/profiles-g-l/language-validate @@ -14,7 +14,7 @@ profile language-validate @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/grep rix, @{bin}/locale rix, diff --git a/apparmor.d/profiles-g-l/lightworks b/apparmor.d/profiles-g-l/lightworks index f9eeb3bc..accbe208 100644 --- a/apparmor.d/profiles-g-l/lightworks +++ b/apparmor.d/profiles-g-l/lightworks 
@@ -12,7 +12,7 @@ profile lightworks @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib}/lightworks/ntcardvt rPx, diff --git a/apparmor.d/profiles-g-l/linssid b/apparmor.d/profiles-g-l/linssid index 336b67d9..8087045c 100644 --- a/apparmor.d/profiles-g-l/linssid +++ b/apparmor.d/profiles-g-l/linssid @@ -29,7 +29,7 @@ profile linssid @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, # When linssid is run as root, it wants to exec dbus-launch, and hence it creates the two diff --git a/apparmor.d/profiles-g-l/linux-check-removal b/apparmor.d/profiles-g-l/linux-check-removal index 36384ee1..5640cb43 100644 --- a/apparmor.d/profiles-g-l/linux-check-removal +++ b/apparmor.d/profiles-g-l/linux-check-removal @@ -32,7 +32,7 @@ profile linux-check-removal @{exec_path} flags=(complain) { @{bin}/linux-check-removal rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/locale rix, diff --git a/apparmor.d/profiles-g-l/localepurge b/apparmor.d/profiles-g-l/localepurge index 0e63b2c2..9ee25683 100644 --- a/apparmor.d/profiles-g-l/localepurge +++ b/apparmor.d/profiles-g-l/localepurge @@ -14,7 +14,7 @@ profile localepurge @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/basename rix, @{bin}/chmod rix, diff --git a/apparmor.d/profiles-g-l/logrotate b/apparmor.d/profiles-g-l/logrotate index cf0fea6b..6cc9d916 100644 --- a/apparmor.d/profiles-g-l/logrotate +++ b/apparmor.d/profiles-g-l/logrotate @@ -28,7 +28,7 @@ profile logrotate @{exec_path} flags=(attach_disconnected) { @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/grep rix, @{bin}/gzip rix, diff --git a/apparmor.d/profiles-g-l/lsinitramfs b/apparmor.d/profiles-g-l/lsinitramfs index a416ed69..ff3f5286 100644 --- a/apparmor.d/profiles-g-l/lsinitramfs +++ b/apparmor.d/profiles-g-l/lsinitramfs 
@@ -12,7 +12,7 @@ profile lsinitramfs @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/getopt rix, diff --git a/apparmor.d/profiles-g-l/lynx b/apparmor.d/profiles-g-l/lynx index 4bbda958..8f77c79e 100644 --- a/apparmor.d/profiles-g-l/lynx +++ b/apparmor.d/profiles-g-l/lynx @@ -28,7 +28,7 @@ profile lynx @{exec_path} { /etc/mime.types r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /etc/mailcap r, owner /tmp/lynxXXXX*/ rw, diff --git a/apparmor.d/profiles-m-r/mdevctl b/apparmor.d/profiles-m-r/mdevctl index 8c7daaa5..2788840f 100644 --- a/apparmor.d/profiles-m-r/mdevctl +++ b/apparmor.d/profiles-m-r/mdevctl @@ -11,6 +11,11 @@ profile mdevctl @{exec_path} { include @{exec_path} mr, + @{bin}/basename rix, + @{bin}/find rix, + @{bin}/getopt rix, + @{bin}/jq rix, + @{bin}/sort rix, /etc/mdevctl.d/{,**} r, diff --git a/apparmor.d/profiles-m-r/mediainfo-gui b/apparmor.d/profiles-m-r/mediainfo-gui index 9e4e8d13..72dc273a 100644 --- a/apparmor.d/profiles-m-r/mediainfo-gui +++ b/apparmor.d/profiles-m-r/mediainfo-gui @@ -30,7 +30,7 @@ profile mediainfo-gui @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/megasync b/apparmor.d/profiles-m-r/megasync index 55ab7d2d..72820bbf 100644 --- a/apparmor.d/profiles-m-r/megasync +++ b/apparmor.d/profiles-m-r/megasync @@ -33,7 +33,7 @@ profile megasync @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @@ -90,7 +90,7 @@ profile megasync @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/minitube b/apparmor.d/profiles-m-r/minitube index 7b231781..e558722f 100644 --- a/apparmor.d/profiles-m-r/minitube +++ b/apparmor.d/profiles-m-r/minitube 
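Review bot: The five `rix` rules added to the mdevctl profile (`basename`, `find`, `getopt`, `jq`, `sort`) are new permissions with no explanatory comment, inside a patch that is otherwise a mechanical shell-path substitution. Each rule lets the helper run under mdevctl's own profile, so a reader auditing the policy should be able to see why it is needed. A line such as `# Helpers invoked by mdevctl` above the block would do, and the change would be easier to review as a separate commit. The profile continues outside the hunk, so its remaining rules, including any shell rule, are not visible here.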
@@ -99,7 +99,7 @@ profile minitube @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, @@ -122,7 +122,7 @@ profile minitube @{exec_path} { @{bin}/xdg-screensaver mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mv rix, @{bin}/{,e}grep rix, @{bin}/sed rix, diff --git a/apparmor.d/profiles-m-r/mke2fs b/apparmor.d/profiles-m-r/mke2fs index ed9caed0..6a73f29e 100644 --- a/apparmor.d/profiles-m-r/mke2fs +++ b/apparmor.d/profiles-m-r/mke2fs @@ -18,7 +18,7 @@ profile mke2fs @{exec_path} { @{exec_path} mr, # To check for badblocks - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/badblocks rPx, /usr/share/file/misc/magic.mgc r, diff --git a/apparmor.d/profiles-m-r/mkinitramfs b/apparmor.d/profiles-m-r/mkinitramfs index da4ecbac..af0934e6 100644 --- a/apparmor.d/profiles-m-r/mkinitramfs +++ b/apparmor.d/profiles-m-r/mkinitramfs @@ -19,7 +19,7 @@ profile mkinitramfs @{exec_path} { capability fsetid, @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ r, @{lib}/ r, @@ -100,7 +100,7 @@ profile mkinitramfs @{exec_path} { @{bin}/ldd mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/kmod mr, @{lib}/initramfs-tools/bin/* mr, @@ -118,7 +118,7 @@ profile mkinitramfs @{exec_path} { @{bin}/ldconfig mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ldconfig.real rix, owner /var/tmp/mkinitramfs_*/etc/ld.so.conf r, diff --git a/apparmor.d/profiles-m-r/modprobed-db b/apparmor.d/profiles-m-r/modprobed-db index abeaa04a..c7057aa4 100644 --- a/apparmor.d/profiles-m-r/modprobed-db +++ b/apparmor.d/profiles-m-r/modprobed-db @@ -13,7 +13,7 @@ profile modprobed-db @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/cp rix, @{bin}/cut rix, diff --git a/apparmor.d/profiles-m-r/molly-guard b/apparmor.d/profiles-m-r/molly-guard index 0ff6780d..31f0762e 100644 --- a/apparmor.d/profiles-m-r/molly-guard 
+++ b/apparmor.d/profiles-m-r/molly-guard @@ -17,7 +17,7 @@ profile molly-guard @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e,p}grep rix, @{bin}/hostname rix, @{bin}/run-parts rix, diff --git a/apparmor.d/profiles-m-r/monitorix b/apparmor.d/profiles-m-r/monitorix index 306fe489..0c536a6f 100644 --- a/apparmor.d/profiles-m-r/monitorix +++ b/apparmor.d/profiles-m-r/monitorix @@ -34,7 +34,7 @@ profile monitorix @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/df rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-m-r/mount-nfs b/apparmor.d/profiles-m-r/mount-nfs index 12e93f6d..42d85fa0 100644 --- a/apparmor.d/profiles-m-r/mount-nfs +++ b/apparmor.d/profiles-m-r/mount-nfs @@ -40,7 +40,7 @@ profile mount-nfs @{exec_path} flags=(complain) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/flock rix, @{bin}/start-statd rix, diff --git a/apparmor.d/profiles-m-r/mpv b/apparmor.d/profiles-m-r/mpv index 12e3dd68..a3ed195c 100644 --- a/apparmor.d/profiles-m-r/mpv +++ b/apparmor.d/profiles-m-r/mpv @@ -92,7 +92,7 @@ profile mpv @{exec_path} { @{bin}/xdg-screensaver mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mv rix, @{bin}/{,e}grep rix, @{bin}/sed rix, diff --git a/apparmor.d/profiles-m-r/mumble b/apparmor.d/profiles-m-r/mumble index 5be958c0..a325acdb 100644 --- a/apparmor.d/profiles-m-r/mumble +++ b/apparmor.d/profiles-m-r/mumble @@ -84,7 +84,7 @@ profile mumble @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/mumble-overlay b/apparmor.d/profiles-m-r/mumble-overlay index ba87d572..07f5a010 100644 --- a/apparmor.d/profiles-m-r/mumble-overlay +++ b/apparmor.d/profiles-m-r/mumble-overlay 
@@ -13,7 +13,7 @@ profile mumble-overlay @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/file rix, @{bin}/which{,.debianutils} rix, diff --git a/apparmor.d/profiles-m-r/needrestart b/apparmor.d/profiles-m-r/needrestart index 81a175d7..8a1c4d4c 100644 --- a/apparmor.d/profiles-m-r/needrestart +++ b/apparmor.d/profiles-m-r/needrestart @@ -24,7 +24,7 @@ profile needrestart @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dpkg-query rpx, @{bin}/fail2ban-server rPx, @{bin}/locale rix, diff --git a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke index 77d29625..addce84c 100644 --- a/apparmor.d/profiles-m-r/needrestart-apt-pinvoke +++ b/apparmor.d/profiles-m-r/needrestart-apt-pinvoke @@ -15,7 +15,7 @@ profile needrestart-apt-pinvoke @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/dbus-send rix, @{bin}/needrestart rPx, @{bin}/rm rix, diff --git a/apparmor.d/profiles-m-r/needrestart-dpkg-status b/apparmor.d/profiles-m-r/needrestart-dpkg-status index 3fce4fe7..1de2b320 100644 --- a/apparmor.d/profiles-m-r/needrestart-dpkg-status +++ b/apparmor.d/profiles-m-r/needrestart-dpkg-status @@ -15,7 +15,7 @@ profile needrestart-dpkg-status @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mkdir rix, @{bin}/touch rix, diff --git a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions index 837f5c22..30a7bb80 100644 --- a/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions +++ b/apparmor.d/profiles-m-r/needrestart-iucode-scan-versions @@ -13,7 +13,7 @@ profile needrestart-iucode-scan-versions @{exec_path} { @{exec_path} mr, @{bin}/iucode_tool rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/bsdtar rix, @{bin}/cat rix, 
diff --git a/apparmor.d/profiles-m-r/on-ac-power b/apparmor.d/profiles-m-r/on-ac-power index 5e5e65fa..d5248795 100644 --- a/apparmor.d/profiles-m-r/on-ac-power +++ b/apparmor.d/profiles-m-r/on-ac-power @@ -12,7 +12,7 @@ profile on-ac-power @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-m-r/openbox b/apparmor.d/profiles-m-r/openbox index 1145e13e..4788f38c 100644 --- a/apparmor.d/profiles-m-r/openbox +++ b/apparmor.d/profiles-m-r/openbox @@ -57,7 +57,7 @@ profile openbox @{exec_path} { @{lib}/@{multiarch}/openbox-autostart mr, @{lib}/@{multiarch}/openbox-xdg-autostart rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, # Apps allowed to run diff --git a/apparmor.d/profiles-m-r/openbox-session b/apparmor.d/profiles-m-r/openbox-session index c3dc2d59..18598406 100644 --- a/apparmor.d/profiles-m-r/openbox-session +++ b/apparmor.d/profiles-m-r/openbox-session @@ -12,7 +12,7 @@ profile openbox-session @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/xprop rPx, @{bin}/openbox rPx, diff --git a/apparmor.d/profiles-m-r/orage b/apparmor.d/profiles-m-r/orage index 587a295b..ee04dda6 100644 --- a/apparmor.d/profiles-m-r/orage +++ b/apparmor.d/profiles-m-r/orage @@ -50,7 +50,7 @@ profile orage @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/os-prober b/apparmor.d/profiles-m-r/os-prober index 3e85bb02..c0bb8b6a 100644 --- a/apparmor.d/profiles-m-r/os-prober +++ b/apparmor.d/profiles-m-r/os-prober @@ -18,7 +18,7 @@ profile os-prober @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{e,f,}grep rix, @{bin}/blkid rPx, @{bin}/btrfs rPx, 
diff --git a/apparmor.d/profiles-m-r/packagekitd b/apparmor.d/profiles-m-r/packagekitd index 9ac7fa3c..aa3c0f83 100644 --- a/apparmor.d/profiles-m-r/packagekitd +++ b/apparmor.d/profiles-m-r/packagekitd @@ -51,7 +51,7 @@ profile packagekitd @{exec_path} flags=(attach_disconnected) { @{bin}/gpgconf rCx -> gpg, @{bin}/gpgsm rCx -> gpg, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cp rix, @{bin}/echo rix, @{bin}/gdbus rix, diff --git a/apparmor.d/profiles-m-r/pam-auth-update b/apparmor.d/profiles-m-r/pam-auth-update index 9c4b7393..48af5a9f 100644 --- a/apparmor.d/profiles-m-r/pam-auth-update +++ b/apparmor.d/profiles-m-r/pam-auth-update @@ -39,7 +39,7 @@ profile pam-auth-update @{exec_path} flags=(complain) { @{bin}/pam-auth-update rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/locale rix, diff --git a/apparmor.d/profiles-m-r/parted b/apparmor.d/profiles-m-r/parted index 8ebb8da5..bd023832 100644 --- a/apparmor.d/profiles-m-r/parted +++ b/apparmor.d/profiles-m-r/parted @@ -28,7 +28,7 @@ profile parted @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/udevadm rCx -> udevadm, diff --git a/apparmor.d/profiles-m-r/partprobe b/apparmor.d/profiles-m-r/partprobe index f949d1a5..27edebbf 100644 --- a/apparmor.d/profiles-m-r/partprobe +++ b/apparmor.d/profiles-m-r/partprobe @@ -27,7 +27,7 @@ profile partprobe @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/udevadm rCx -> udevadm, diff --git a/apparmor.d/profiles-m-r/pass b/apparmor.d/profiles-m-r/pass index cf74122a..7e16450f 100644 --- a/apparmor.d/profiles-m-r/pass +++ b/apparmor.d/profiles-m-r/pass @@ -14,7 +14,7 @@ profile pass @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/base64 rix, @{bin}/cat rix, @{bin}/cp rix, diff --git a/apparmor.d/profiles-m-r/pinentry b/apparmor.d/profiles-m-r/pinentry index 1955e3fc..3606078b 100644 --- a/apparmor.d/profiles-m-r/pinentry 
+++ b/apparmor.d/profiles-m-r/pinentry @@ -14,7 +14,7 @@ profile pinentry @{exec_path} { @{exec_path} mr, @{bin}/pinentry-* rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /etc/pinentry/preexec r, diff --git a/apparmor.d/profiles-m-r/pinentry-curses b/apparmor.d/profiles-m-r/pinentry-curses index 39c29140..b9d53352 100644 --- a/apparmor.d/profiles-m-r/pinentry-curses +++ b/apparmor.d/profiles-m-r/pinentry-curses @@ -13,7 +13,7 @@ profile pinentry-curses @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /usr/share/terminfo/** r, diff --git a/apparmor.d/profiles-m-r/popcon-largest-unused b/apparmor.d/profiles-m-r/popcon-largest-unused index bff3d073..c6550fba 100644 --- a/apparmor.d/profiles-m-r/popcon-largest-unused +++ b/apparmor.d/profiles-m-r/popcon-largest-unused @@ -15,7 +15,7 @@ profile popcon-largest-unused @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/sort rix, @{bin}/cut rix, diff --git a/apparmor.d/profiles-m-r/popularity-contest b/apparmor.d/profiles-m-r/popularity-contest index c24adaa3..31462ce1 100644 --- a/apparmor.d/profiles-m-r/popularity-contest +++ b/apparmor.d/profiles-m-r/popularity-contest @@ -25,7 +25,7 @@ profile popularity-contest @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/env rix, # Do not strip env to avoid errors like the following: diff --git a/apparmor.d/profiles-m-r/protonmail-bridge b/apparmor.d/profiles-m-r/protonmail-bridge index 4fa0bb9a..0330a123 100644 --- a/apparmor.d/profiles-m-r/protonmail-bridge +++ b/apparmor.d/profiles-m-r/protonmail-bridge @@ -50,7 +50,7 @@ profile protonmail-bridge @{exec_path} { @{bin}/pass mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/base64 rix, @{bin}/dirname rix, @{bin}/env rix, diff --git a/apparmor.d/profiles-m-r/psi b/apparmor.d/profiles-m-r/psi index dd589984..5d889a07 100644 --- a/apparmor.d/profiles-m-r/psi +++ b/apparmor.d/profiles-m-r/psi 
@@ -118,7 +118,7 @@ profile psi @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/psi-plus b/apparmor.d/profiles-m-r/psi-plus index fd9f3a51..8c9d849f 100644 --- a/apparmor.d/profiles-m-r/psi-plus +++ b/apparmor.d/profiles-m-r/psi-plus @@ -117,7 +117,7 @@ profile psi-plus @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/qnapi b/apparmor.d/profiles-m-r/qnapi index 44bdc465..d9502c05 100644 --- a/apparmor.d/profiles-m-r/qnapi +++ b/apparmor.d/profiles-m-r/qnapi @@ -89,7 +89,7 @@ profile qnapi @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/qtox b/apparmor.d/profiles-m-r/qtox index a8e22764..25e6890d 100644 --- a/apparmor.d/profiles-m-r/qtox +++ b/apparmor.d/profiles-m-r/qtox @@ -76,7 +76,7 @@ profile qtox @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/quiterss b/apparmor.d/profiles-m-r/quiterss index ff4ffb89..c8fe5a85 100644 --- a/apparmor.d/profiles-m-r/quiterss +++ b/apparmor.d/profiles-m-r/quiterss @@ -83,7 +83,7 @@ profile quiterss @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-m-r/repo b/apparmor.d/profiles-m-r/repo index 64d3b1e3..26b7c107 100644 --- a/apparmor.d/profiles-m-r/repo +++ b/apparmor.d/profiles-m-r/repo @@ -28,7 +28,7 @@ profile repo @{exec_path} { @{bin}/ r, @{bin}/env rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/uname rix, @{bin}/git rix, 
diff --git a/apparmor.d/profiles-m-r/resolvconf b/apparmor.d/profiles-m-r/resolvconf index c9386cd9..8609e485 100644 --- a/apparmor.d/profiles-m-r/resolvconf +++ b/apparmor.d/profiles-m-r/resolvconf @@ -13,7 +13,7 @@ profile resolvconf @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/flock rix, @{bin}/mkdir rix, diff --git a/apparmor.d/profiles-m-r/run-parts b/apparmor.d/profiles-m-r/run-parts index 06fd1eb9..4cd81889 100644 --- a/apparmor.d/profiles-m-r/run-parts +++ b/apparmor.d/profiles-m-r/run-parts @@ -16,7 +16,7 @@ profile run-parts @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/anacron rix, @{bin}/cat rix, @{bin}/date rix, @@ -147,7 +147,7 @@ profile run-parts @{exec_path} { include include - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{e,}grep rix, @{bin}/cat rix, @{bin}/cut rix, @@ -188,7 +188,7 @@ profile run-parts @{exec_path} { capability sys_module, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{,m,g}awk rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-m-r/rustdesk b/apparmor.d/profiles-m-r/rustdesk index c2ba2970..4ab63b13 100644 --- a/apparmor.d/profiles-m-r/rustdesk +++ b/apparmor.d/profiles-m-r/rustdesk @@ -38,7 +38,7 @@ profile rustdesk @{exec_path} { @{bin}/ls rix, @{bin}/python3.@{int} rPx -> rustdesk_python, - @{bin}/{,ba,da}sh rPx -> rustdesk_shell, + @{sh_path} rPx -> rustdesk_shell, /etc/gdm{,3}/custom.conf r, @@ -167,7 +167,7 @@ profile rustdesk_python { @{bin}/python3.@{int} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/chmod rix, @{bin}/uname rPx, /usr/share/rustdesk/files/pynput_service.py rPx, @@ -198,7 +198,7 @@ profile rustdesk_shell { ptrace (read), - @{bin}/{,ba,da}sh r, + @{sh_path} r, @{bin}/tr rix, @{bin}/{,e}grep rix, diff --git a/apparmor.d/profiles-s-z/sanoid b/apparmor.d/profiles-s-z/sanoid index 4fd51e72..0be658dd 100644 --- a/apparmor.d/profiles-s-z/sanoid +++ b/apparmor.d/profiles-s-z/sanoid 
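Review bot: In the rustdesk hunks the variable now sits on both sides of a profile transition: `@{sh_path} rPx -> rustdesk_shell,` in `profile rustdesk` and `@{sh_path} r,` in `profile rustdesk_shell`, which also carries `ptrace (read)`. These two rules are expected to name the same binaries, and any widening of the tunable would route additional interpreters into that child profile rather than just into an inherit rule. A comment above the read rule, e.g. `# Keep in sync with the @{sh_path} rPx rule in profile rustdesk`, would record the coupling. Both profile bodies continue outside the hunks.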
@@ -12,7 +12,7 @@ profile sanoid @{exec_path} flags=(complain) { include @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/perl rix, @{bin}/ps rPx, /{usr/,}{local/,}{s,}bin/zfs rPx, diff --git a/apparmor.d/profiles-s-z/scrot b/apparmor.d/profiles-s-z/scrot index a50ce1d6..e2fd09d1 100644 --- a/apparmor.d/profiles-s-z/scrot +++ b/apparmor.d/profiles-s-z/scrot @@ -15,7 +15,7 @@ profile scrot @{exec_path} { @{exec_path} mr, # "mv" is needed to change the image dir - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/mv rix, # The image dir diff --git a/apparmor.d/profiles-s-z/secure-time-sync b/apparmor.d/profiles-s-z/secure-time-sync index 7545f53e..bf11debc 100644 --- a/apparmor.d/profiles-s-z/secure-time-sync +++ b/apparmor.d/profiles-s-z/secure-time-sync @@ -20,7 +20,7 @@ profile secure-time-sync @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/curl rix, @{bin}/date rix, @{bin}/grep rix, diff --git a/apparmor.d/profiles-s-z/smartd b/apparmor.d/profiles-s-z/smartd index a3a1bcc1..3e710291 100644 --- a/apparmor.d/profiles-s-z/smartd +++ b/apparmor.d/profiles-s-z/smartd @@ -22,7 +22,7 @@ profile smartd @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/hostname rix, @{bin}/mail rix, diff --git a/apparmor.d/profiles-s-z/smtube b/apparmor.d/profiles-s-z/smtube index 5d6de042..a6964141 100644 --- a/apparmor.d/profiles-s-z/smtube +++ b/apparmor.d/profiles-s-z/smtube @@ -87,7 +87,7 @@ profile smtube @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-s-z/snapd b/apparmor.d/profiles-s-z/snapd index 62d2c843..f6808b31 100644 --- a/apparmor.d/profiles-s-z/snapd +++ b/apparmor.d/profiles-s-z/snapd 
@@ -66,7 +66,7 @@ profile snapd @{exec_path} { @{bin}/ssh-keygen rPx, @{bin}/useradd rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/apparmor_parser rPx, @{bin}/cp rix, @{bin}/gzip rix, diff --git a/apparmor.d/profiles-s-z/spacefm-auth b/apparmor.d/profiles-s-z/spacefm-auth index c796f00a..2e7f3412 100644 --- a/apparmor.d/profiles-s-z/spacefm-auth +++ b/apparmor.d/profiles-s-z/spacefm-auth @@ -12,7 +12,7 @@ profile spacefm-auth @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, include if exists } diff --git a/apparmor.d/profiles-s-z/spectre-meltdown-checker b/apparmor.d/profiles-s-z/spectre-meltdown-checker index 48f71ce9..37f4e55a 100644 --- a/apparmor.d/profiles-s-z/spectre-meltdown-checker +++ b/apparmor.d/profiles-s-z/spectre-meltdown-checker @@ -28,7 +28,7 @@ profile spectre-meltdown-checker @{exec_path} { @{bin}/{,@{multiarch}-}objdump rix, @{bin}/{,@{multiarch}-}readelf rix, @{bin}/{,@{multiarch}-}strings rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{,g,m}awk rix, @{bin}/base64 rix, diff --git a/apparmor.d/profiles-s-z/start-pulseaudio-x11 b/apparmor.d/profiles-s-z/start-pulseaudio-x11 index 3c44e489..616e783f 100644 --- a/apparmor.d/profiles-s-z/start-pulseaudio-x11 +++ b/apparmor.d/profiles-s-z/start-pulseaudio-x11 @@ -12,7 +12,7 @@ profile start-pulseaudio-x11 @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/head rix, @{bin}/pactl rPx, @{bin}/plasmashell rPx, diff --git a/apparmor.d/profiles-s-z/startx b/apparmor.d/profiles-s-z/startx index 3358f01e..8bb4cd73 100644 --- a/apparmor.d/profiles-s-z/startx +++ b/apparmor.d/profiles-s-z/startx @@ -14,7 +14,7 @@ profile startx @{exec_path} flags=(attach_disconnected) { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/deallocvt rix, diff --git a/apparmor.d/profiles-s-z/steam b/apparmor.d/profiles-s-z/steam index 1cf399a7..eed35986 100644 
--- a/apparmor.d/profiles-s-z/steam +++ b/apparmor.d/profiles-s-z/steam @@ -37,7 +37,7 @@ profile steam @{exec_path} flags=(attach_disconnected,mediate_deleted,complain) @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/*sum rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-s-z/steam-game b/apparmor.d/profiles-s-z/steam-game index ebfd8ad8..484adb63 100644 --- a/apparmor.d/profiles-s-z/steam-game +++ b/apparmor.d/profiles-s-z/steam-game @@ -60,7 +60,7 @@ profile steam-game @{exec_path} flags=(attach_disconnected) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/bwrap rix, @{bin}/env rix, @{bin}/getopt rix, diff --git a/apparmor.d/profiles-s-z/strawberry b/apparmor.d/profiles-s-z/strawberry index fd15ed8e..4f4ee42b 100644 --- a/apparmor.d/profiles-s-z/strawberry +++ b/apparmor.d/profiles-s-z/strawberry @@ -111,7 +111,7 @@ profile strawberry @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-s-z/syncoid b/apparmor.d/profiles-s-z/syncoid index f9829c87..c04232d8 100644 --- a/apparmor.d/profiles-s-z/syncoid +++ b/apparmor.d/profiles-s-z/syncoid @@ -14,7 +14,7 @@ profile syncoid @{exec_path} flags=(complain) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/grep rix, @{bin}/mbuffer rix, @{bin}/perl rix, diff --git a/apparmor.d/profiles-s-z/system-config-printer b/apparmor.d/profiles-s-z/system-config-printer index e817556c..31c63fef 100644 --- a/apparmor.d/profiles-s-z/system-config-printer +++ b/apparmor.d/profiles-s-z/system-config-printer @@ -31,7 +31,7 @@ profile system-config-printer @{exec_path} flags=(complain) { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/python3.@{int} r, @{lib}/cups/*/* rPUx, /usr/share/hplip/query.py rPUx, 
diff --git a/apparmor.d/profiles-s-z/system-config-printer-applet b/apparmor.d/profiles-s-z/system-config-printer-applet index e71afc51..25bcb7d7 100644 --- a/apparmor.d/profiles-s-z/system-config-printer-applet +++ b/apparmor.d/profiles-s-z/system-config-printer-applet @@ -19,7 +19,7 @@ profile system-config-printer-applet @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/python3.@{int} r, /usr/share/system-config-printer/{,**} r, diff --git a/apparmor.d/profiles-s-z/tasksel b/apparmor.d/profiles-s-z/tasksel index 909b088f..24cc65c1 100644 --- a/apparmor.d/profiles-s-z/tasksel +++ b/apparmor.d/profiles-s-z/tasksel @@ -15,7 +15,7 @@ profile tasksel @{exec_path} flags=(complain) { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/tempfile rix, @{lib}/tasksel/tasksel-debconf rix, @@ -45,7 +45,7 @@ profile tasksel @{exec_path} flags=(complain) { include @{lib}/tasksel/tests/* r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, } @@ -60,7 +60,7 @@ profile tasksel @{exec_path} flags=(complain) { @{bin}/tasksel rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/locale rix, diff --git a/apparmor.d/profiles-s-z/thunderbird b/apparmor.d/profiles-s-z/thunderbird index a2c2db04..67e9013c 100644 --- a/apparmor.d/profiles-s-z/thunderbird +++ b/apparmor.d/profiles-s-z/thunderbird @@ -59,7 +59,7 @@ profile thunderbird @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{lib_dirs}/{,**} r, @{lib_dirs}/*.so mr, diff --git a/apparmor.d/profiles-s-z/tint2conf b/apparmor.d/profiles-s-z/tint2conf index d48a6a75..2ad3762c 100644 --- a/apparmor.d/profiles-s-z/tint2conf +++ b/apparmor.d/profiles-s-z/tint2conf @@ -19,7 +19,7 @@ profile tint2conf @{exec_path} { @{bin}/tint2 rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /usr/share/tint2/{,*} r, diff --git a/apparmor.d/profiles-s-z/torify b/apparmor.d/profiles-s-z/torify index 593b6acb..6eb5f76f 100644 
--- a/apparmor.d/profiles-s-z/torify +++ b/apparmor.d/profiles-s-z/torify @@ -12,7 +12,7 @@ profile torify @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, include if exists } diff --git a/apparmor.d/profiles-s-z/torsocks b/apparmor.d/profiles-s-z/torsocks index 411bae9e..b72a959e 100644 --- a/apparmor.d/profiles-s-z/torsocks +++ b/apparmor.d/profiles-s-z/torsocks @@ -16,7 +16,7 @@ profile torsocks @{exec_path} { @{exec_path} rm, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/* rPUx, @{lib}/uwt/uwtexec rPUx, @{bin}/getcap rix, diff --git a/apparmor.d/profiles-s-z/tpacpi-bat b/apparmor.d/profiles-s-z/tpacpi-bat index e51f3e76..3febe67c 100644 --- a/apparmor.d/profiles-s-z/tpacpi-bat +++ b/apparmor.d/profiles-s-z/tpacpi-bat @@ -15,7 +15,7 @@ profile tpacpi-bat @{exec_path} { @{exec_path} mr, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, # To load the acpi_call module diff --git a/apparmor.d/profiles-s-z/ucf b/apparmor.d/profiles-s-z/ucf index 8f411f2d..1795bc6c 100644 --- a/apparmor.d/profiles-s-z/ucf +++ b/apparmor.d/profiles-s-z/ucf @@ -13,7 +13,7 @@ profile ucf @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/basename rix, @@ -92,7 +92,7 @@ profile ucf @{exec_path} flags=(complain) { @{bin}/ucf rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/stty rix, @{bin}/locale rix, diff --git a/apparmor.d/profiles-s-z/udiskie b/apparmor.d/profiles-s-z/udiskie index 7fed9943..f6e7aaaf 100644 --- a/apparmor.d/profiles-s-z/udiskie +++ b/apparmor.d/profiles-s-z/udiskie @@ -49,7 +49,7 @@ profile udiskie @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-s-z/udisksctl b/apparmor.d/profiles-s-z/udisksctl index efe4e16e..c4f6dc96 100644 --- a/apparmor.d/profiles-s-z/udisksctl +++ b/apparmor.d/profiles-s-z/udisksctl 
@@ -13,7 +13,7 @@ profile udisksctl @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/pager rPx -> child-pager, @{bin}/less rPx -> child-pager, diff --git a/apparmor.d/profiles-s-z/udisksd b/apparmor.d/profiles-s-z/udisksd index 6805fe1e..5564cf30 100644 --- a/apparmor.d/profiles-s-z/udisksd +++ b/apparmor.d/profiles-s-z/udisksd @@ -69,7 +69,7 @@ profile udisksd @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/umount rix, @{bin}/dmidecode rPx, diff --git a/apparmor.d/profiles-s-z/unhide-linux b/apparmor.d/profiles-s-z/unhide-linux index 060ec7c9..a782c72c 100644 --- a/apparmor.d/profiles-s-z/unhide-linux +++ b/apparmor.d/profiles-s-z/unhide-linux @@ -18,7 +18,7 @@ profile unhide-linux @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ps rix, @{PROC}/ r, diff --git a/apparmor.d/profiles-s-z/unhide-posix b/apparmor.d/profiles-s-z/unhide-posix index 315227a6..0e869207 100644 --- a/apparmor.d/profiles-s-z/unhide-posix +++ b/apparmor.d/profiles-s-z/unhide-posix @@ -18,7 +18,7 @@ profile unhide-posix @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/ps rix, diff --git a/apparmor.d/profiles-s-z/unhide-tcp b/apparmor.d/profiles-s-z/unhide-tcp index 654992c4..8646eadb 100644 --- a/apparmor.d/profiles-s-z/unhide-tcp +++ b/apparmor.d/profiles-s-z/unhide-tcp @@ -18,7 +18,7 @@ profile unhide-tcp @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/fuser rix, @{bin}/netstat rix, @{bin}/sed rix, diff --git a/apparmor.d/profiles-s-z/unmkinitramfs b/apparmor.d/profiles-s-z/unmkinitramfs index e645f1ed..59bdb710 100644 --- a/apparmor.d/profiles-s-z/unmkinitramfs +++ b/apparmor.d/profiles-s-z/unmkinitramfs 
@@ -17,7 +17,7 @@ profile unmkinitramfs @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/bzip2 rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-s-z/update-ca-certificates b/apparmor.d/profiles-s-z/update-ca-certificates index a26ad0ce..e296541b 100644 --- a/apparmor.d/profiles-s-z/update-ca-certificates +++ b/apparmor.d/profiles-s-z/update-ca-certificates @@ -16,7 +16,7 @@ profile update-ca-certificates @{exec_path} { @{exec_path} rmix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/cat rix, @{bin}/chmod rix, diff --git a/apparmor.d/profiles-s-z/update-cracklib b/apparmor.d/profiles-s-z/update-cracklib index 9251085f..242c91a4 100644 --- a/apparmor.d/profiles-s-z/update-cracklib +++ b/apparmor.d/profiles-s-z/update-cracklib @@ -13,7 +13,7 @@ profile update-cracklib @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cracklib-format rix, @{bin}/cracklib-packer rPx, @{bin}/env rix, diff --git a/apparmor.d/profiles-s-z/update-dlocatedb b/apparmor.d/profiles-s-z/update-dlocatedb index 401063e8..fcf3c65b 100644 --- a/apparmor.d/profiles-s-z/update-dlocatedb +++ b/apparmor.d/profiles-s-z/update-dlocatedb @@ -13,7 +13,7 @@ profile update-dlocatedb @{exec_path} { include @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/uname rix, diff --git a/apparmor.d/profiles-s-z/update-initramfs b/apparmor.d/profiles-s-z/update-initramfs index 09810e7c..be61c82b 100644 --- a/apparmor.d/profiles-s-z/update-initramfs +++ b/apparmor.d/profiles-s-z/update-initramfs @@ -15,7 +15,7 @@ profile update-initramfs @{exec_path} { ptrace (read) peer=unconfined, @{exec_path} rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ r, diff --git a/apparmor.d/profiles-s-z/update-pciids b/apparmor.d/profiles-s-z/update-pciids index 97774502..4c54810e 100644 --- a/apparmor.d/profiles-s-z/update-pciids +++ b/apparmor.d/profiles-s-z/update-pciids 
@@ -13,7 +13,7 @@ profile update-pciids @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/touch rix, @{bin}/rm rix, diff --git a/apparmor.d/profiles-s-z/update-secureboot-policy b/apparmor.d/profiles-s-z/update-secureboot-policy index 53959832..4ed33c86 100644 --- a/apparmor.d/profiles-s-z/update-secureboot-policy +++ b/apparmor.d/profiles-s-z/update-secureboot-policy @@ -14,7 +14,7 @@ profile update-secureboot-policy @{exec_path} { @{exec_path} rm, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,m,g}awk rix, @{bin}/dpkg-trigger rPx, @{bin}/find rix, diff --git a/apparmor.d/profiles-s-z/update-smart-drivedb b/apparmor.d/profiles-s-z/update-smart-drivedb index cb4ca65d..2d88b24a 100644 --- a/apparmor.d/profiles-s-z/update-smart-drivedb +++ b/apparmor.d/profiles-s-z/update-smart-drivedb @@ -13,7 +13,7 @@ profile update-smart-drivedb @{exec_path} { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/dirname rix, @@ -76,7 +76,7 @@ profile update-smart-drivedb @{exec_path} { @{bin}/curl mr, @{bin}/lynx mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /etc/mime.types r, /etc/mailcap r, diff --git a/apparmor.d/profiles-s-z/usb-devices b/apparmor.d/profiles-s-z/usb-devices index 372c3b1e..881e35c4 100644 --- a/apparmor.d/profiles-s-z/usb-devices +++ b/apparmor.d/profiles-s-z/usb-devices @@ -17,7 +17,7 @@ profile usb-devices @{exec_path} { deny capability dac_override, @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/cut rix, diff --git a/apparmor.d/profiles-s-z/utox b/apparmor.d/profiles-s-z/utox index 9027d02b..0a3c3494 100644 --- a/apparmor.d/profiles-s-z/utox +++ b/apparmor.d/profiles-s-z/utox @@ -45,7 +45,7 @@ profile utox @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, 
diff --git a/apparmor.d/profiles-s-z/uupdate b/apparmor.d/profiles-s-z/uupdate index f9a8ee06..ffc6c406 100644 --- a/apparmor.d/profiles-s-z/uupdate +++ b/apparmor.d/profiles-s-z/uupdate @@ -15,7 +15,7 @@ profile uupdate @{exec_path} flags=(complain) { include @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/basename rix, @{bin}/which{,.debianutils} rix, diff --git a/apparmor.d/profiles-s-z/vipw-vigr b/apparmor.d/profiles-s-z/vipw-vigr index 5b7173e7..4e400585 100644 --- a/apparmor.d/profiles-s-z/vipw-vigr +++ b/apparmor.d/profiles-s-z/vipw-vigr @@ -15,7 +15,7 @@ profile vipw-vigr @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/sensible-editor rCx -> editor, @{bin}/vim.* rCx -> editor, @@ -47,7 +47,7 @@ profile vipw-vigr @{exec_path} { @{bin}/sensible-editor mr, @{bin}/vim.* mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/which{,.debianutils} rix, owner @{HOME}/.selected_editor r, diff --git a/apparmor.d/profiles-s-z/virt-manager b/apparmor.d/profiles-s-z/virt-manager index 214f9534..d2650862 100644 --- a/apparmor.d/profiles-s-z/virt-manager +++ b/apparmor.d/profiles-s-z/virt-manager @@ -31,7 +31,7 @@ profile virt-manager @{exec_path} flags=(attach_disconnected) { @{exec_path} rix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/python3.@{int} r, @{lib}/python3.@{int}/site-packages/__pycache__/guestfs.cpython-[0-9]*.pyc.[0-9]* w, diff --git a/apparmor.d/profiles-s-z/volumeicon b/apparmor.d/profiles-s-z/volumeicon index d198ef77..de174c14 100644 --- a/apparmor.d/profiles-s-z/volumeicon +++ b/apparmor.d/profiles-s-z/volumeicon @@ -34,7 +34,7 @@ profile volumeicon @{exec_path} { /etc/machine-id r, # Start the PulseAudio sound mixer - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/pavucontrol rPUx, @{bin}/pulseeffects rPUx, diff --git a/apparmor.d/profiles-s-z/whdd b/apparmor.d/profiles-s-z/whdd index d5f3326a..77e93426 100644 --- a/apparmor.d/profiles-s-z/whdd +++ b/apparmor.d/profiles-s-z/whdd 
@@ -19,7 +19,7 @@ profile whdd @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/tr rix, diff --git a/apparmor.d/profiles-s-z/which b/apparmor.d/profiles-s-z/which index db4d0bec..6b24b8a7 100644 --- a/apparmor.d/profiles-s-z/which +++ b/apparmor.d/profiles-s-z/which @@ -14,7 +14,7 @@ profile which @{exec_path} flags=(attach_disconnected) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ r, @{bin}/**/ r, diff --git a/apparmor.d/profiles-s-z/wireshark b/apparmor.d/profiles-s-z/wireshark index 9c875daf..9c48d016 100644 --- a/apparmor.d/profiles-s-z/wireshark +++ b/apparmor.d/profiles-s-z/wireshark @@ -94,7 +94,7 @@ profile wireshark @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-s-z/wpa-action b/apparmor.d/profiles-s-z/wpa-action index 6995ee49..668acd0f 100644 --- a/apparmor.d/profiles-s-z/wpa-action +++ b/apparmor.d/profiles-s-z/wpa-action @@ -19,7 +19,7 @@ profile wpa-action @{exec_path} { @{bin}/wpa_cli rPx, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/cat rix, @{bin}/date rix, diff --git a/apparmor.d/profiles-s-z/x11-xsession b/apparmor.d/profiles-s-z/x11-xsession index a9e02823..ea9d7aa5 100644 --- a/apparmor.d/profiles-s-z/x11-xsession +++ b/apparmor.d/profiles-s-z/x11-xsession @@ -15,7 +15,7 @@ profile x11-xsession @{exec_path} { @{exec_path} r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-s-z/xarchiver b/apparmor.d/profiles-s-z/xarchiver index 7f1e546a..eb6f8f95 100644 --- a/apparmor.d/profiles-s-z/xarchiver +++ b/apparmor.d/profiles-s-z/xarchiver @@ -21,7 +21,7 @@ profile xarchiver @{exec_path} { @{exec_path} mrix, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/ls rix, @{bin}/rm rix, @{bin}/mv rix, 
@@ -79,7 +79,7 @@ profile xarchiver @{exec_path} { @{bin}/xdg-open mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{m,g,}awk rix, @{bin}/readlink rix, @{bin}/basename rix, diff --git a/apparmor.d/profiles-s-z/xautolock b/apparmor.d/profiles-s-z/xautolock index f68d233d..3aebbe52 100644 --- a/apparmor.d/profiles-s-z/xautolock +++ b/apparmor.d/profiles-s-z/xautolock @@ -13,7 +13,7 @@ profile xautolock @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/env rix, # Locker apps to launch. diff --git a/apparmor.d/profiles-s-z/xinit b/apparmor.d/profiles-s-z/xinit index 2b4071af..8c8428d1 100644 --- a/apparmor.d/profiles-s-z/xinit +++ b/apparmor.d/profiles-s-z/xinit @@ -20,7 +20,7 @@ profile xinit @{exec_path} { @{exec_path} mr, @{bin}/ r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/{,e}grep rix, @{bin}/{m,g,}awk rix, @{bin}/cat rix, diff --git a/apparmor.d/profiles-s-z/youtube-viewer b/apparmor.d/profiles-s-z/youtube-viewer index 7dd713cb..b99c5a5e 100644 --- a/apparmor.d/profiles-s-z/youtube-viewer +++ b/apparmor.d/profiles-s-z/youtube-viewer @@ -27,7 +27,7 @@ profile youtube-viewer @{exec_path} { @{exec_path} r, @{bin}/perl r, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/infocmp rix, @{bin}/stty rix, diff --git a/apparmor.d/profiles-s-z/zpool b/apparmor.d/profiles-s-z/zpool index 00472ab2..e5aff51c 100644 --- a/apparmor.d/profiles-s-z/zpool +++ b/apparmor.d/profiles-s-z/zpool @@ -15,7 +15,7 @@ profile zpool @{exec_path} { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, /{usr/,}{local/,}lib/zfs-linux/zpool.d/* rix, /etc/hostid r, diff --git a/apparmor.d/profiles-s-z/zsys-system-autosnapshot b/apparmor.d/profiles-s-z/zsys-system-autosnapshot index f42046a4..0732978e 100644 --- a/apparmor.d/profiles-s-z/zsys-system-autosnapshot +++ b/apparmor.d/profiles-s-z/zsys-system-autosnapshot 
@@ -13,7 +13,7 @@ profile zsys-system-autosnapshot @{exec_path} flags=(complain) { @{exec_path} mr, - @{bin}/{,ba,da}sh rix, + @{sh_path} rix, @{bin}/cat rix, @{bin}/cp rix, @{bin}/rm rix, diff --git a/apparmor.d/tunables/multiarch.d/paths b/apparmor.d/tunables/multiarch.d/paths index d5740d85..4c6b97a0 100644 --- a/apparmor.d/tunables/multiarch.d/paths +++ b/apparmor.d/tunables/multiarch.d/paths @@ -5,6 +5,8 @@ # Define some paths for some commonly used programs # All the shells +@{sh} = sh zsh bash dash +@{sh_path} = @{bin}/@{sh} @{shells} = sh zsh bash dash fish rbash ksh tcsh csh @{shells_path} = @{bin}/@{shells}
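Review bot: The new `@{sh} = sh zsh bash dash` in tunables/multiarch.d/paths includes `zsh`, which the replaced pattern `@{bin}/{,ba,da}sh` (sh, bash, dash) never matched. Every profile in this commit that switches to `@{sh_path} rix` therefore gains permission to execute zsh under the inherited profile, so the change widens policy rather than being a pure substitution. That includes profiles for privileged tools such as vipw-vigr and update-secureboot-policy. If the old set is what is wanted, define `@{sh} = sh bash dash`. If zsh is intended, say so in a comment above the definition, for example `# Shells allowed as inherited (ix) script interpreters; keep narrower than @{shells}`, so the difference from `@{shells}` is explicit.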